Cyber Satin - hacked - new problem

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
twaldher
Registered User
Posts: 41
Joined: Sun Apr 28, 2002 8:58 am

Cyber Satin - hacked - new problem

Post by twaldher » Thu Jan 02, 2003 4:15 pm

ok.. I'm on a hosted server, I talked to them and they ARE on apache 2.0.3. Now I have them further looking in to their security.

But... I am guessing this is a script run by someone that changes the title. Anyone know what else it does? I'm trying to clean it up.

BesigedB
Registered User
Posts: 172
Joined: Sat Mar 16, 2002 2:48 pm
Location: Edinburgh / Scotland
Contact:

Post by BesigedB » Thu Jan 02, 2003 4:31 pm

apache 2.0.3 heh. you getting your numbers confused?
Administrator of the no effort online forums

FX
Registered User
Posts: 254
Joined: Thu Aug 01, 2002 9:29 pm
Location: France
Contact:

Post by FX » Thu Jan 02, 2003 4:35 pm

apache 2.0.3 -> current version of apace 2.0.43 or 1.3.27.

Curent phpbb : 2.0.3

twaldher
Registered User
Posts: 41
Joined: Sun Apr 28, 2002 8:58 am

Post by twaldher » Thu Jan 02, 2003 4:36 pm

ok.. I read a thread on this site that said make sure apache was current. not version 2.0.0, upgrade to 2.0.3. did they mean make sure phpBB was current?

(I haven't upgraded yet, only because I haven't wanted to risk killing the site)

Back to the question though, besides changing domain name, title what else is typically changed? anything?

User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Thu Jan 02, 2003 4:39 pm

Whoa. Let's back up here.
1. What version of phpBB are you running?
2. Any MODs installed?
3. What version of Apache are you running?
4. It is supposed to be "make sure phpBB is current"
Proven Offensive Security Expertise. OSCP - GXPN

twaldher
Registered User
Posts: 41
Joined: Sun Apr 28, 2002 8:58 am

Post by twaldher » Thu Jan 02, 2003 4:48 pm

phpBB v2.0.0
Spelling Mod has been added, thats it.
Apache version - not sure, was told most current, cant find where to check. (hosted site)

FX
Registered User
Posts: 254
Joined: Thu Aug 01, 2002 9:29 pm
Location: France
Contact:

Post by FX » Thu Jan 02, 2003 4:50 pm

updae to phpbb 2.0.3 immediatly

User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Thu Jan 02, 2003 4:54 pm

Then that'd be why. Always keep phpBB current.
Proven Offensive Security Expertise. OSCP - GXPN

trishaa
Registered User
Posts: 13
Joined: Fri Dec 13, 2002 3:41 am

Post by trishaa » Mon Jan 06, 2003 6:13 am

This happened to me too. I just finished moving the whole site, including the phpbb database, to a new server, for unrelated reasons. When moving I set it up with the newest version of phpbb. Through phpmyadmin, I could see that the title and description of the message board had been changed by the hackers. I changed them back to what they are supposed to be. Is there anything else that needs to be changed? I didn't see anything else wrong and it seems to be functioning ok.

User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Mon Jan 06, 2003 3:29 pm

Just keep an eye out for anything else. And by the way, it is cracker, not hacker. ;)
Proven Offensive Security Expertise. OSCP - GXPN

trishaa
Registered User
Posts: 13
Joined: Fri Dec 13, 2002 3:41 am

Post by trishaa » Mon Jan 06, 2003 3:53 pm

Just keep an eye out for anything else.


Why? Do they sometimes do more than they did? Or do you think they may come back again? I doubt they would be able to do anything this time, since I have the updated version and I think the new server is set up more securely.
And by the way, it is cracker, not hacker.


Sorry, I believe I saw you mention this someplace else. While I am familiar with the more historical definition of a hacker, it is not real clear to me how cracker is defined.

User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Mon Jan 06, 2003 4:07 pm

trishaa wrote:
Just keep an eye out for anything else.


Why? Do they sometimes do more than they did? Or do you think they may come back again? I doubt they would be able to do anything this time, since I have the updated version and I think the new server is set up more securely.
Just to be sure. Sometimes more damage is done than is immediately visible. Sometimes not.
trishaa wrote:
And by the way, it is cracker, not hacker.


Sorry, I believe I saw you mention this someplace else. While I am familiar with the more historical definition of a hacker, it is not real clear to me how cracker is defined.


Hacker is a programmer, or, someone who is good at what the do. A hack woodsmith is a woodsmith who is good at what they do. They don't do any damage. A hacker may try to find a security hole but they don't do anything beyond that. They will try their best to report it and/or close the hole. They won't try to do any damage.
Cracker is someone who does damage, exploits security holes, etc. Crack=break. Crack a password, break a password. Crack in to a system, break in to a system. Crack a windshield, break a windshield.

http://www.tuxedo.org
Proven Offensive Security Expertise. OSCP - GXPN

Locked

Return to “2.0.x Support Forum”