version 2.0.18 Hacked

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

version 2.0.18 Hacked

Post by Kaat »

Hello everybody,

My excuses in advance if I post my question in the wrong place or doing other things the wrong way. I am not familiar on this forum and my technical-english is not great.

Even so, I have I problem and I could not find a similair with the seach-tool.

I had a forum wich I did not update on time (2.0.11), so on Sunday tot Monday night it was hacked. Called the hoster and he replaced the back-ups (files and DB) and I immediately updated the forum to the latest version.

But this afternoon, it was hacked again. The hoster, in whom I really trust, could not find how the hacked the forum. He searched the logs an I searched for hidden admin-accounts. We could not find anything. What also was strange, is that non of the admin’s could log-off or on from their own computers. Only the hoster could log-on with our accounts and passwords.

I had 3 poker-accounts, the last three accounts from this week. I found something about them, so we threw them out! Also I configured the activation by admin.

The problem is, that this forum is ment for an specific group of people who are not known for their excellent computer-skills and are mostly physically disabled, so it is important to keep acces so easy as possibly can. The other forums I am running, ar running with more security precautions.

Is there somebody who wants to take a look at this? We already restored the forum etc etc. But we still have the log-files. We where hacked by http://users.cjb.net/buldum/umut4.htm

Best regards,
Erica
who_cares
Registered User
Posts: 5106
Joined: Fri Jan 14, 2005 11:04 pm
Location: ATL
Contact:

Post by who_cares »

you probably didn't clean up from the last hack properly.
did you overwrite all files except config.php? (You should open it to look for bad code)
did you go through the users table for admins and mods?
did you check the config table for code in any of those fields?
did you go through the posts tables and forum tables for bad code?
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

Post by Kaat »

who_cares wrote: you probably didn't clean up from the last hack properly.
did you overwrite all files except config.php? (You should open it to look for bad code)
did you go through the users table for admins and mods?
did you check the config table for code in any of those fields?
did you go through the posts tables and forum tables for bad code?


We dit clean up as we replaced an older and perfectly in orde back-up, files aswell als Dbase. Also the configfile was replaced. Of course I checked also for mods etc. The tables where checked by the hoster.

I also removed the poker-people who registered the last couple of days.

The forum has not been hacked again, but we are very curious what they did as we could not find anything.
Vic D'Elfant
Former Team Member
Posts: 6203
Joined: Sun May 02, 2004 6:21 pm
Location: NL, Maastricht
Contact:

Re: version 2.0.18 Hacked

Post by Vic D'Elfant »

Kaat wrote: I had a forum wich I did not update on time (2.0.11), so on Sunday tot Monday night it was hacked.

So we are talking about phpBB 2.0.11 here, instead of phpBB 2.0.18, as your topic's title indicates?

Vic
midd.ag • DTP, web development & printing
http://www.midd.ag
User avatar
lurttinen
Translator
Posts: 4670
Joined: Tue Sep 21, 2004 12:05 pm

Re: version 2.0.18 Hacked

Post by lurttinen »

Vic D'Elfant wrote:
Kaat wrote:I had a forum wich I did not update on time (2.0.11), so on Sunday tot Monday night it was hacked.

So we are talking about phpBB 2.0.11 here, instead of phpBB 2.0.18, as your topic's title indicates?

Vic

I had a forum wich I did not update on time (2.0.11), so on Sunday tot Monday night it was hacked. Called the hoster and he replaced the back-ups (files and DB) and I immediately updated the forum to the latest version.


What i would like to know is how did you do the upgrade?
Could you please describe the procedure to us?
Signature is here
skorpiius
Registered User
Posts: 72
Joined: Mon Nov 21, 2005 11:10 pm

Post by skorpiius »

Is it possible that your forum had already been hacked and compromised before you did that backup, but the hacker had not done any damage yet?
who_cares
Registered User
Posts: 5106
Joined: Fri Jan 14, 2005 11:04 pm
Location: ATL
Contact:

Post by who_cares »

skorpiius wrote: Is it possible that your forum had already been hacked and compromised before you did that backup, but the hacker had not done any damage yet?

certainly possible
harzem
Registered User
Posts: 32
Joined: Fri Nov 18, 2005 7:21 pm

Re: version 2.0.18 Hacked

Post by harzem »

Kaat wrote: We where hacked by http://users.cjb.net/buldum/umut4.htm


What does this mean? This is a free forum address or user that seems to be invalid now (not used for past 30 days). I can really help you on finding who did it. Because I suspect on something, but let me keep it until I'm sure.
Shanana
Registered User
Posts: 368
Joined: Sat Aug 28, 2004 4:03 am
Location: USA [from London, England]

Post by Shanana »

skorpiius wrote: Is it possible that your forum had already been hacked and compromised before you did that backup, but the hacker had not done any damage yet?


I was going to say this, because the same thing happened to a friend of mine before 2.0.18 was released [with 2.0.16 & she upgraded to 2.0.17.]
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

Re: version 2.0.18 Hacked

Post by Kaat »

Vic D'Elfant wrote:
Kaat wrote:I had a forum wich I did not update on time (2.0.11), so on Sunday tot Monday night it was hacked.

So we are talking about phpBB 2.0.11 here, instead of phpBB 2.0.18, as your topic's title indicates?

Vic


I am very sorry if I posted the wrong way, as I said, I am not familiar here and trying to do my best.

At first it was 2.0.11 that was hacked, that is right and my own stupid fault as I did not act ontime.

Then we replaced a back-up wich was in order as far as I can see. The first thing I did, only a few seconds later, was updating the forum. I used the changed files pack 2.0.11 to 2.0.18.

I threw out te pokerguys, my suspects, after the second hack. But after the first hack I already checked ther permissions.

The link that I posted showed a message from the barbarity hackers, also it showed the name Alpalaran or something like that, a Turkish flag and the message that my country takes part in to violance to their country and that that was te reason they hacked us.

Mayby I did something very stupid and no problem when it is my own fault, I honestly would like to know what went wrong and how the did 2.0.18. Hacking the former version is my own fault and it is clear to me as the vunarelabilities are written here on the community.

Best regards,
Erica
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

Re: version 2.0.18 Hacked

Post by Kaat »

harzem wrote:
Kaat wrote:We where hacked by http://users.cjb.net/buldum/umut4.htm


What does this mean? This is a free forum address or user that seems to be invalid now (not used for past 30 days). I can really help you on finding who did it. Because I suspect on something, but let me keep it until I'm sure.


The link that I posted showed a message from the barbarity hackers, also it showed the name Alpalaran or something like that, a Turkish flag and the message that my country takes part in to violance to their country and that that was te reason they hacked us.
geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

How did you update? Do you have any MODs installed? Have you checked your database for any extra admin accounts?
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

Post by Kaat »

skorpiius wrote: Is it possible that your forum had already been hacked and compromised before you did that backup, but the hacker had not done any damage yet?


I don't know, the hoster spended a little time to check out the log files first and second time but could'nt see any strange things the second time.

As I said earlier, mayby I did something increadibly stupid or so, I just would like to know............
User avatar
bonelifer
Community Team Member
Community Team Member
Posts: 3511
Joined: Wed Oct 27, 2004 11:35 pm
Name: William
Contact:

Post by bonelifer »

Check this out. http://starfoxtj.no-ip.com/phpbb/toolkit/ It will allow you to check for unauthorized admins/mods created by the hackers. Just follow the directions and it fairly easy.
Knowledge Base | phpBB Board Rules | Search Customisation Database
Image
Please don't contact me via PM or email for phpBB support .
Kaat
Registered User
Posts: 8
Joined: Mon Apr 15, 2002 9:33 am

Post by Kaat »

geocator wrote: How did you update? Do you have any MODs installed? Have you checked your database for any extra admin accounts?


No Mods installed.
Updated as usual, changed files only, 2.0.11 to 2.0.18 and overwritten. Then replaced a configfile that I was pretty sure of that it was save and proceded the upgrade succesfully!

The hoster checked the dbase for admins and mods and even changed passwords of the exsisting accounts whit permission. Nothing strange came out!
Locked

Return to “2.0.x Discussion”