Page 1 of 1

Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 5:42 pm
by Intruder
hacked and changed my admin logging password"how i can change password?", i had to rename the folder of the phbb3! how i can protect my site? thank you!

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 5:55 pm
by stevemaury
If you board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the support toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 6:24 pm
by Intruder
i just did downloaded the log from the control panel! and submit them to incident tracker! i had to compress them the 4 files in one rar file!
paintedtruth.com.rar

it happened from about an hour and lucky me i was online, so i had to login throw ftp and rename the folder of the phpbb3 forum!
what should i do right now? how i can retrieve passwords?

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 8:22 pm
by Lumpy Burgertushie
if you have truly been hacked, you will be the first that I have heard of.

In phpmyadmin, run the following, which will create an admin user named admin1 with a password of admin. From that point you should be able to get into the ACP. Change your table prefix if it is not phpbb_.

Code: Select all

INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
then you can do whatever you need to do about admin accounts.

there are no known exploits of phpbb3. however, they could have gotten into your server by other means.



robert

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 8:25 pm
by Lumpy Burgertushie
until you are sure that your site has really been hacked, would you mind changing the title of your post to something less likely to start a panic.

thanks,
robert

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 8:54 pm
by Intruder
My forum phpbb3 has been hacked so easily, i was surprised! i have generate a report throw incident tracker with "the whole log and database!"

i am inside phpmyadmin on my server! i tried to copy paste the following test inside query window, but i got this!
Error

SQL query:

INSERT INTO phpbb_users( user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd )
VALUES ( 3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '' )

MySQL said: Documentation
#1054 - Unknown column 'user_type' in 'field list'

Re: Somebody just hacked my website phpbb3

Posted: Fri Dec 18, 2009 10:32 pm
by Intruder
i had to delete the whole folder and install the script again! and replaced the folder that i have with the newely installed with a new user name and password! i can log and edit normal! but all my files and members has gone? is there a way to get post back to forum? its not in restore folder! but i saved the whole folder on my pc before delete!

Re: Somebody just hacked my website phpbb3

Posted: Sat Dec 19, 2009 12:46 am
by TrZ
You say you saved the folder, did you save the database before you reinstalled the script?

Re: Somebody just hacked my website phpbb3

Posted: Sat Dec 19, 2009 2:59 am
by Intruder
TrZ wrote:You say you saved the folder, did you save the database before you reinstalled the script?
i saved everything but after the hack! as i said again, during the hack i have renamed the /v3/ folder and downloaded the whole folder using ftp to my pc. but now i lost everything! ughhh

Re: Somebody just hacked my website phpbb3

Posted: Sat Dec 19, 2009 12:33 pm
by Intruder
Somebody hacked the site again, eliminate Activation per admin! Damn what is going on? look in here!
http://img191.imageshack.us/img191/6079 ... ration.jpg
Image

Re: Somebody just hacked my website phpbb3

Posted: Sat Dec 19, 2009 12:38 pm
by Pit$Bull
stevemaury wrote:If you board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the support toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.

Re: Somebody just hacked my website phpbb3

Posted: Sat Dec 19, 2009 12:42 pm
by KevC
Intruder wrote:Somebody hacked the site again, eliminate Activation per admin!
Turning off your board email will do that by the way.