hey Password Hacking Prob

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
apnaitaly
Registered User
Posts: 323
Joined: Tue Jun 30, 2009 6:13 pm

hey Password Hacking Prob

Post by apnaitaly »

Hey ,,

i have a realy big prob ,,, i have forum in phpbb 3.0.4 ,,

i have an user on my site ,, he was my freind ,,

now he is hacking users passwords ,, also Modrators ,, Super Modrators Passwords ,, and deleting forum deta and mush more ,, i dont know wat i have to do for him

i have ban him but he has changed his IP ,, plzzz tell me wat i have to doo , plzzzz

User avatar
Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm
Contact:

Re: hey Password Hacking Prob

Post by Phil »

Passwords in phpBB's database are hashed in such a way that brute-forcing them is extremely difficult and time consuming. As such, chances are your "friend" may've gotten in through some other method. Did he by any chance have any sort of administrative permissions in the first place? What makes you so sure he's "password hacking" in order to gain access?
Moving on, with the wind. | My Corner of the Web

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: hey Password Hacking Prob

Post by Erik Frèrejean »

Ban him on user account.
How is he "hacking"? The phpBB passwords are ran through a strong hashing algorithm before they are being stored. Brute forcing these hashes isn't a quick task.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

apnaitaly
Registered User
Posts: 323
Joined: Tue Jun 30, 2009 6:13 pm

Re: hey Password Hacking Prob

Post by apnaitaly »

watch now wat he done ,, he realy ,,, i dont have words for him ,,

Code: Select all

General Error
SQL ERROR [ mysqli ]

Access denied for user 'desinagar'@'localhost' (using password: YES) [1045]

An sql error occurred while fetching this page. Please contact an administrator if this problem persists.

he was Modrator on my forum ,, but few dasy ago i get back his permission ,,

now plz tell me wat i have to doo ,, plz tell me ,, Thanks ,,,

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: hey Password Hacking Prob

Post by Erik Frèrejean »

It looks like he has access to stuff he shouldn't have to. You probably gave him ftp/database access for some reason. Start with changing all passwords on your server and have all the administrators and moderators on your board change their passwords as well. (also double check his permissions)
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

Bobxbo
Registered User
Posts: 151
Joined: Mon Jul 21, 2008 1:57 pm
Location: Kent, UK

Re: hey Password Hacking Prob

Post by Bobxbo »

Going back to the ACP, also check which users have admin permissions, he could have created himself one or more other admin accounts ;)

apnaitaly
Registered User
Posts: 323
Joined: Tue Jun 30, 2009 6:13 pm

Re: hey Password Hacking Prob

Post by apnaitaly »

i am really very wooreid about him ,,

he is not modrator , or super modrator , or Admin permission on my forum ,, bcz when any modrator login forum i can see in ACP ,, when any modrator aur Admin change user password i can see in ACP , but he dont change password ,, i dont know how he can hack passwords ,, bcz i have channed users passwords but again he hacked password ,

i also tried to ban his ip but he always changed his ip ,, plz tell me how i can safe my forum ,, plz

User avatar
Elitzur
I've Been Banned!
Posts: 323
Joined: Sat Sep 15, 2007 7:49 am
Location: Europe, UK.
Contact:

Re: hey Password Hacking Prob

Post by Elitzur »

What permissions did he actually have? Because if he can do all of what he is doing now, you obviously gave
him a load of info you shouldn't have done.

You do have a backup of your forum and database don't you?

apnaitaly
Registered User
Posts: 323
Joined: Tue Jun 30, 2009 6:13 pm

Re: hey Password Hacking Prob

Post by apnaitaly »

he was aa modrator on my site ,, but i get back modrator permission ,,, now he is normal user ,,

nd i have forum backup and database ,, but i dont knwo how i can safe my users password ,, plz any mod or anythink else ,, plz

User avatar
Elitzur
I've Been Banned!
Posts: 323
Joined: Sat Sep 15, 2007 7:49 am
Location: Europe, UK.
Contact:

Re: hey Password Hacking Prob

Post by Elitzur »

If you have a backup of your forum, copy of the backup to your forums FTP area but make sure the backup
is called something different to your current forums name, i assume it is /phpbb/ or /forum/?

Upload the backup to the root and if you forums root name is one of the above call the backup something
like backup1 then upload all files, then once the backup is done re-name your current root to another name
and then re-name the backup to the correct root name. That will then if your code in the backup is not broken
(and what i mean by that is it doesn't have any bugs in it) it should restore the forum code.

Now to restore the database, go to the Admin CP then click Maintenance tab and then click the restore
database link down the side, then follow the correct actions to restore the database.

And I would personally ban him for causing you this much trouble really :roll:

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69722
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: hey Password Hacking Prob

Post by KevC »

apnaitaly wrote:he was aa modrator on my site ,, but i get back modrator permission ,,, now he is normal user ,,

nd i have forum backup and database ,, but i dont knwo how i can safe my users password ,, plz any mod or anythink else ,, plz
The point you seem to be missing is that being a moderator had nothing to do with it.

To change the config.php file he would have had FTP access to the files on the server. That's nothing to do with his phpBB permissions.
ElitZuR wrote:If you have a backup of your forum, copy of the backup to your forums FTP area but make sure the backup
is called something different to your current forums name, i assume it is /phpbb/ or /forum/?

Upload the backup to the root and if you forums root name is one of the above call the backup something
like backup1 then upload all files, then once the backup is done re-name your current root to another name
and then re-name the backup to the correct root name. That will then if your code in the backup is not broken
(and what i mean by that is it doesn't have any bugs in it) it should restore the forum code.

Now to restore the database, go to the Admin CP then click Maintenance tab and then click the restore
database link down the side, then follow the correct actions to restore the database.

And I would personally ban him for causing you this much trouble really :roll:
I don't quite get the point of backing it up and then restoring it again.
apnaitaly wrote:i dont knwo how i can safe my users password
The passwords are hashed. They cannot be undone.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

User avatar
Elitzur
I've Been Banned!
Posts: 323
Joined: Sat Sep 15, 2007 7:49 am
Location: Europe, UK.
Contact:

Re: hey Password Hacking Prob

Post by Elitzur »

What I meant was, upload your backup but name it something like '/backup1'/ because the current
forum root would be something link '/forum/' or '/phpbb/' - then once the backup was been uploaded
via the FTP then re-name the current forums root to something such as '/forum-02/' then straight after
change that change the backup name to '/phpbb/' or whatever his forum root name is called.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69722
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: hey Password Hacking Prob

Post by KevC »

But you just end up with the same forum in the same place with the same name.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

apnaitaly
Registered User
Posts: 323
Joined: Tue Jun 30, 2009 6:13 pm

Re: hey Password Hacking Prob

Post by apnaitaly »

Kevin Clark wrote:
apnaitaly wrote:he was aa modrator on my site ,, but i get back modrator permission ,,, now he is normal user ,,

nd i have forum backup and database ,, but i dont knwo how i can safe my users password ,, plz any mod or anythink else ,, plz
The point you seem to be missing is that being a moderator had nothing to do with it.

To change the config.php file he would have had FTP access to the files on the server. That's nothing to do with his phpBB permissions.
ElitZuR wrote:If you have a backup of your forum, copy of the backup to your forums FTP area but make sure the backup
is called something different to your current forums name, i assume it is /phpbb/ or /forum/?

Upload the backup to the root and if you forums root name is one of the above call the backup something
like backup1 then upload all files, then once the backup is done re-name your current root to another name
and then re-name the backup to the correct root name. That will then if your code in the backup is not broken
(and what i mean by that is it doesn't have any bugs in it) it should restore the forum code.

Now to restore the database, go to the Admin CP then click Maintenance tab and then click the restore
database link down the side, then follow the correct actions to restore the database.

And I would personally ban him for causing you this much trouble really :roll:
I don't quite get the point of backing it up and then restoring it again.
apnaitaly wrote:i dont knwo how i can safe my users password
The passwords are hashed. They cannot be undone.


so plz wat i have to doo , can i have to change just config.php or i have to upload all the files in /fourm aur /phpbb folder via ftp ?


thanks

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69722
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: hey Password Hacking Prob

Post by KevC »

Change the FTP and control panel passwords and he'll stop getting in. Then you can do what you like.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

Locked

Return to “[3.0.x] Support Forum”