Admin Forum Hacked Into!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 9:24 pm

Somebody signed up today and managed to post (porn) in our admin/moderator forum.
The poster stated he was using his "Admin privileges".

We always upgrade as soon as possible, so I can't figure out where a vulnerability might be hiding.

Any suggestions??
:cry:

KevC
Support Team Member
Posts: 69295
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Admin Forum Hacked Into!

Post by KevC » Mon May 05, 2008 9:29 pm

What version are you running?

You can use the starfox admin toolkit linked in my sig below to check who has admin privileges.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Re: Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 9:32 pm

I have that, but for some reason the password there doesn't work any longer.
Thought it was same as my username log-in??
Now I'm wondering if that is part of it.

KevC
Support Team Member
Posts: 69295
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Admin Forum Hacked Into!

Post by KevC » Mon May 05, 2008 9:33 pm

It's whatever you set it to be in the file itself. You can download the toolkit file from the server, open it in a text editor and see what the login for it is.

Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Re: Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 9:48 pm

Got it.
Uploaded your latest version.
The offender was listed simply as "user", so I'm at a loss to figure out how he accessed that forum, and how to prevent getting hacked in the future.

KevC
Support Team Member
Posts: 69295
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Admin Forum Hacked Into!

Post by KevC » Mon May 05, 2008 9:52 pm

Check the permissions for that forum.


If you believe it's all correct then report it to the incident tracking team.
http://www.phpbb.com/incidents/

Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Re: Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 9:53 pm

Yeah, permissions and everything are fine.
Seeing as he was listed as user, I'm a little more at ease.
Might need to upload a password mod for that forum or something.

ric323
Former Team Member
Posts: 22909
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Admin Forum Hacked Into!

Post by ric323 » Mon May 05, 2008 10:34 pm

If the permissions on that forum were set correctly, then he could not have posted there. You shouldn't need any extra MOD to keep it private.

You won't get much help if you just say "everything is set correctly, but it's not working..."
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions

Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Re: Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 10:52 pm

The permission is set as Mod/Hidden for all purposes.
This new user DID in fact post in it, so......

The only other thing I can think could have happened was he got into the database, and changed his permissions back?
Doubtful....

ric323
Former Team Member
Posts: 22909
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Admin Forum Hacked Into!

Post by ric323 » Mon May 05, 2008 10:57 pm

It sounds like time to report this to the Incident Tracker then, as already advised.
You need this fixed, and don't want to discuss details in public.

Beth
Registered User
Posts: 248
Joined: Mon May 19, 2003 10:57 pm

Re: Admin Forum Hacked Into!

Post by Beth » Mon May 05, 2008 11:07 pm

Posted in the incident tracker.
Thanks for the advice.

stickerboy
Former Team Member
Posts: 7349
Joined: Mon Mar 29, 2004 2:27 pm
Location: Airdrie, UK (127.0.0.1)
Name: Kenny Cameron

Re: Admin Forum Hacked Into!

Post by stickerboy » Thu May 08, 2008 9:39 am

Moved to Support
I'm a web-designing code-decrypting tech-support musician
|| Twitter || Flickr || phpBB Snippets ||
Formerly known as cherokee red
