BB was hacked, login goes to webpage cannot be found

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

Your phpBB board URL: www.mapleleafneighborhood.org/forum
Template(s) used: none
Any and all MODs: none
Do you use a port of phpBB: no
Version of phpBB: 2.0.8 -> 2.0.22
Version of PHP: unknown
Which database server and version: mysql version ?
Host: apache ?
Did someone install this for you/who: I installed
Is this an upgrade/from what to what: 2.0.8 -> 2.0.22
Is this a conversion/from what to what:
Have you searched for your problem: yes
If so, what terms did you try: hacked login webpage cannot be found
State the nature of your problem:

my site was hacked - the main forum page was replaced with a page
that said "this site hacked by blah blah"
I looked for similar problems in this forum...
I downloaded starfox and installed it and ran it
I demoted a user that shouldn't have had admin privilages.
I sanitized about 6 instances of script? imbedded in forum descriptions
I was now able to see my main forum page
When I tried to login, it directed me to a page that said "webpage cannot be found"
... but in fact I was logged in ...
if I went to some other page, e.g. memberlist, it worked and I could access the admin panel
via the link at the bottom of the page.
I cleaned up all the forum descriptions and MANY entries in the General Admin/configuration section,
like script path, date format, cookie domain, name and path and several others.
if the entry description gave an example of what could be entered, then I entered that
example. e.g. I entered "images/smiles" for smilies. Any fields that didn't have suggested
examples got left blank. cookie related info got left blank...
Now when I login in, the crap is gone from the forum descriptions but after the login it
still goes to webpage that says "webpage cannot be found". it does successfully log me in.
Since I was running phpBB version 2.0.8 I went through the procedure to upgrade to 2.0.22.
I expanded the tar.gz file inplace on my server.
I renamed the phpBB2 install directory to "forum".
I copied in my old config.php
I ran update_to_latest.php
this ran ok but when I pressed the link to visit the General Configuration settings page
it gave me the "webpage cannot be found" page.
I skipped that step and deleted the instal and contrib directories.
I go to login and the login works but it still directs me to the "webpage cannot be found" page.

Also, if I try to go to the admin panel, that also gives the "webpage cannot be found" page.

Thanks for any help

Do you have a test account for us: I am unable to activate a new account. I can create the
new account but when the activation email comes and I click the link to activate I again
get the "webpage cannot be found" page...
If so, please have it ready in case a Support Team Member asks for it.
User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by karlsemple »

To be honest the admin toolkit is by no means the answer to fixing a hacked board, before messing with the you should have filed a report with the IIT http://www.phpbb.com/incidents/ and let them help you fix this. The problem now is you could have damaged the forum as much as the hacker. That said this might just be a cookie and script path issue caused by the hack so try the auto cookie mod
Download Auto Cookies MOD

then, unzip it to your computer,


then upload the included install folder, to your phpbb folder on the server.,

then , in your browser, go to:
yourdomain.com/yourphpbbb/install/cookie.php

then click the button to accept the settings it finds.

then delete the install folder.

Then you and all your members MUST do the cookie dance:

step 1. log out
step 2. clear your browser cookie
step 3. clear your browser cache/temporary internet files
step 4. close your browser
step 5. go back and test


done.

If it does not work run the auto cookie mod again but do not accept the settings, instead post the suggested and current settings here for us to look at.
Image
User avatar
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by ric323 »

It's a "script path" problem. You have blank where you should have "/forum/"
The auto cookie mod Karl suggested will fix this.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

Thanks for you help so far...

I installed the cookie MOD per instructions.
I submitted it's suggestions.

Now when I go to www.mapleleafneighborhood.org/forum I get a white screen w/ no text

I put the cookie MOD back to try again but when I run it, I also get a white screen w/ no text.

Here are the settings from the first time I ran it.

before

My Current Cookie Settings:
  • Domain Name: mapleleafneighborhood.org
  • Server Port: 80
  • Script path:
  • Cookie secure: Disabled
  • Cookie domain:
  • Cookie path:
  • Cookie name:
  • Session length [ seconds ]: 3600
  • Allow automatic logins: Yes
  • Automatic login key expiry: 0
suggested

My Suggested Cookie Settings:
  • Domain Name: www.mapleleafneighborhood.org
  • Server Port: 80
  • Script path: /forum/
  • Cookie secure: Disabled
  • Cookie domain: .mapleleafneighborhood.org
  • Cookie path: /forum
  • Cookie name: mapleleafn_forum
  • Session length [ seconds ]: 3600
  • Allow automatic logins: Yes
  • Automatic login key expiry: 0
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

I forgot to check Notify me when a reply is posted...
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

Hi folks,
I followed your suggestions (trying the cookie MOD) but it hasn't worked. Can someone look at this a little further with me? Thanks.
User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by ChrisRLG »

That is the 'code' behind the 'blank' page.

Code: Select all

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>
Have you left an index.html file in the "/forum/" folder - if so delete (or rename) it and see if that cures the problem.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

there is no index.html in the forum folder. Only index.php
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

the cookie MOD set my cookie path to
.mapleleafneighborhood.org
with a period on the front.
Is this correct ?
User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by ChrisRLG »

Yep I just did some checking.

In which case it looks like the contents of index.php have been altered in some way.

Not sure if the software here allows the attachment of files - if it does could you get your index file and upload a copy so I (or others) can check the contents.

Failing that - get a copy from the phpbb.com downloads and check it against the copy on your website.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

I compared the forum/index.php on my web server with the one I extracted from the phpBB-2.0.22.zip on Windows XP. They appear to be the same except for CRLF differences...

I could not attach index.php (extension php is not allowed). I renamed the file as index.txt and it said the extension TXT is not allowed ???
User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by ChrisRLG »

hmmm - out of the window goes that idea. :(

=====

In that folder do you have any other files as index.??? (any other extension) or is index.php the only one.

do you have any "htaccess" file in that folder, if so can you open a copy with notepad, and copy the contents to a reply here, in a code box please.

As you cannot upload the index.php file here, could you use my test phpBB3 forum to do so (see signature) - just in case I can see something.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

I emailed the index.php to you.
There is no other index.* file in the forum folder
there is no .htaccess file in the forum folder
User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Re: BB was hacked, login goes to webpage cannot be found

Post by ChrisRLG »

received.

well you are correct - it looks normal enough.

I think I have run out of ideas now.

I will ask a friend if he has any idea if any non phpBB things could be active with this.

You could try to ru the cookie fix again - I did hear that sometimes a second running will fix.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing
cmarshqqq
Registered User
Posts: 13
Joined: Tue Mar 27, 2007 9:29 pm

Re: BB was hacked, login goes to webpage cannot be found

Post by cmarshqqq »

my reply seems to have gotten misplaced... so I am replying again...

I did try to run the cookie MOD again but it also gives the white page
the new user registration page also gives the white page
I also did a grep -r 1252 *.* in the forum folder just for grins. 1252 is the code page mentioned in the source for the white page. the grep found nothing.

Are you sure that
.mapleleafneighborhood.org
is the correct cooking path. I do not remember ever seeing this in the BB admin panel...
Locked

Return to “2.0.x Support Forum”