I am not the owner but an admin on the forum that is phpB 2.0.11 and we just got hacked & defaced by a couple of frenchies and we can't get anything back even in the admin panel.
What do you suggest?
This is the forum: --removed
Is there any way to become "UNhacked"??
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Is there any way to become "UNhacked"??
Last edited by ric323 on Wed Sep 24, 2008 11:42 pm, edited 1 time in total.
Reason: Topic icon changed
Reason: Topic icon changed
-
ric323
- Former Team Member
- Posts: 22910
- Joined: Tue Feb 06, 2007 12:33 am
- Location: Melbourne, Australia
- Name: Ric
- Contact:
Re: Is there any way to become "UNhacked"??
I have removed your board's URL, as it is not needed here, and the hack may well have left a virus on your website.The 'ReadMe Before Posting / Frequently Asked Questions' topic at the head of this forum wrote:
- My board has been hacked, what do I do? #
Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
Re: Is there any way to become "UNhacked"??
Thank you for the prompt reply. 
-
Elias
- Registered User
- Posts: 5138
- Joined: Sat Feb 25, 2006 4:31 pm
- Location: In the Water!
- Name: Elias
Re: Is there any way to become "UNhacked"??
Well how about starting to update your forum to the last version .23.
"Mystery creates wonder, and wonder is the basis of man's desire to understand." - Neil Armstrong
|Installing Extensions|Writing Extensions|Extension Validation Policy|
Offering private web hosting. Contact me for details.
|Installing Extensions|Writing Extensions|Extension Validation Policy|
Offering private web hosting. Contact me for details.
-
ric323
- Former Team Member
- Posts: 22910
- Joined: Tue Feb 06, 2007 12:33 am
- Location: Melbourne, Australia
- Name: Ric
- Contact:
Re: Is there any way to become "UNhacked"??
Not before following the instructions above, though, or you will destroy the evidence of what happened!EY wrote:Well how about starting to update your forum to the last version .23.
--topic locked, as there is no value in public speculation
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
-
ric323
- Former Team Member
- Posts: 22910
- Joined: Tue Feb 06, 2007 12:33 am
- Location: Melbourne, Australia
- Name: Ric
- Contact:
Re: Is there any way to become "UNhacked"??
Just to close off this question, I just received the following PM from the OP.
(I asked and obtained their permission to post it here.)
My original advice to him back then:
(I asked and obtained their permission to post it here.)
My original advice to him back then:
and his recent update:ric323 wrote:What version did you have?
There was no security problem in 2.0.22 that would allow anything like that. This is more likely to be a problem with the security of your web host, in which case it won't matter what software you change to. phpBB is only as secure as the environment it is running in.
kabo0m wrote:Yeah we have since left phpbb and went to SMF as we thought that was the issue ... until SMF got hacked.
The funny thing is the two really smart tech geeks of the forums couldn't figure it out .. searching through logs and code of the forums ..
And then I figured out where the hackers were getting in from! The main website! There was a very simple php uploader for images that was being exploited by the hackers uploading files with names like ahlshdf.php.jpg
Well the uploader would read the last extension but the FTP would read the first one. Thus the hackers were able to execute actions via their php program they wrote. It was quite detailed.
Since then we have disabled the php image uploader and have not gotten hacked since.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions