help possibly hacked

END OF SUPPORT: 1 January 2017 (announcement)
Locked
squeek
Registered User
Posts: 173
Joined: Sat Jan 20, 2007 12:43 am

help possibly hacked

Post by squeek »

Hi guys, I just got an email from my ISP telling me my computer has been DDoS attacking other machines, so I installed pg2 to see what is happening and sure enough there is serious UDP flooding.
My lil forum is phpBB3 and it is fully up to date, and I notice when I stop running my Apache web server the flooding stops. I am wondering how I can tell if a bot might have changed or added any files to my site because I think it's been hacked. I've had my forum for a few years and it's only been happening for a few months. Any help would be greatly appreciated.

thanks
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: help possibly hacked

Post by Pit$Bull »

If you think your board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the support toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board; the proper place for incident reports is the tracker.
squeek
Registered User
Posts: 173
Joined: Sat Jan 20, 2007 12:43 am

Re: help possibly hacked

Post by squeek »

If you are referring to my Apache logs, they have been cleared recently due to their size :( They grew so big they took forever to open and I thought it might be best to clear them; I think I made a mistake there. I am also unsure of when the hack first started but can only guess it was around the time I was informed by my ISP.

I guess without the access logs there isn't much that can be done now. I might just start again and install everything from new. My site wasn't that great anyway, but I do appreciate your help and advice, also your speedy reply. Many thanks.
Lumpy Burgertushie
Registered User
Posts: 68126
Joined: Mon May 02, 2005 3:11 am

Re: help possibly hacked

Post by Lumpy Burgertushie »

squeek wrote: If you are referring to my Apache logs, they have been cleared recently due to their size :( They grew so big they took forever to open and I thought it might be best to clear them; I think I made a mistake there. I am also unsure of when the hack first started but can only guess it was around the time I was informed by my ISP.

I guess without the access logs there isn't much that can be done now. I might just start again and install everything from new. My site wasn't that great anyway, but I do appreciate your help and advice, also your speedy reply. Many thanks.

Check your server for files that you did not put there, and/or that are not part of phpBB or your site, and/or that have dates that are out of place with the rest of the files.

If you find any, rename them, move them off the server, etc., and see what happens. If the mess stops then you have found the hacked files and can proceed from there.

There are no known vulnerabilities in phpBB3; however, if they accessed your site by some other software or server script then they can do what they please in there.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

If nobody is in the forest, does a tree really fall?
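
The file check described in the post above, which also covers the record of the files asked for in step 1 of the earlier list, as an added example that is not part of the original thread or of phpBB's own tooling: it hashes the live board and compares it with a clean unpack of the same phpBB release. The tree layout, file contents, timestamps and the 30-day threshold are constructed assumptions.

```python
import hashlib, os, statistics, tempfile
from pathlib import Path

DAY = 86400

def manifest(root):
    """Relative path -> (sha256, mtime) for every file under root; keep this as the evidence record."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(live_root, clean_root, max_days_from_median=30):
    """Compare a copy of the live board against a clean copy of the same release."""
    live, clean = manifest(live_root), manifest(clean_root)
    median = statistics.median(m for _, m in live.values())
    return {
        "added": sorted(p for p in live if p not in clean),
        "modified": sorted(p for p in live if p in clean and live[p][0] != clean[p][0]),
        "odd_dates": sorted(p for p, (_, m) in live.items() if abs(m - median) > max_days_from_median * DAY),
    }

def build_sample(base):
    """Constructed sample trees (not real phpBB files): a clean release and a tampered live copy."""
    old = 1_300_000_000           # constructed install time
    recent = old + 200 * DAY      # constructed time of the unexpected change
    files = {"index.php": b"<?php // board index", "viewtopic.php": b"<?php // topics",
             "includes/functions.php": b"<?php // helpers"}
    for tree in ("clean", "live"):
        for rel, body in files.items():
            path = Path(base, tree, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
            os.utime(path, (old, old))
    edited = Path(base, "live", "includes/functions.php")
    edited.write_bytes(b"<?php // helpers plus unexpected code")
    os.utime(edited, (old, old))  # date looks normal, so only the hash comparison catches this file
    dropped = Path(base, "live", "images/x.php")
    dropped.parent.mkdir(parents=True, exist_ok=True)
    dropped.write_bytes(b"<?php // file the admin did not upload")
    os.utime(dropped, (recent, recent))
    return Path(base, "live"), Path(base, "clean")

def demo():
    with tempfile.TemporaryDirectory() as base:
        return audit(*build_sample(base))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real board, config.php, the cache and uploaded avatars or attachments will show up as "added" and need a manual look; run the comparison against the saved copy rather than the live directory so the originals stay untouched.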
squeek
Registered User
Posts: 173
Joined: Sat Jan 20, 2007 12:43 am

Re: help possibly hacked

Post by squeek »

OK, thanks for the advice. I will do that and post back with any findings. Maybe this topic might help someone else who may encounter something similar (let's hope they never need it though). I host the site on my home computer so files are easily accessed by myself. Thanks once again.
Lumpy Burgertushie
Registered User
Posts: 68126
Joined: Mon May 02, 2005 3:11 am

Re: help possibly hacked

Post by Lumpy Burgertushie »

squeek wrote: OK, thanks for the advice. I will do that and post back with any findings. Maybe this topic might help someone else who may encounter something similar (let's hope they never need it though). I host the site on my home computer so files are easily accessed by myself. Thanks once again.

Well, there you go. That is one of the reasons not to do this. Web server security is a very complex thing.
Most home servers are completely open to anyone with the slightest knowledge of how to hack into networks etc.

Not to mention the fact that if your ISP finds out you are running a web server from your account they will most likely cancel your account.

robert
squeek
Registered User
Posts: 173
Joined: Sat Jan 20, 2007 12:43 am

Re: help possibly hacked

Post by squeek »

Lumpy Burgertushie wrote: Not to mention the fact that if your ISP finds out you are running a web server from your account they will most likely cancel your account.

I have no worries with hosting my own site. My ISP allows it and I've been hosting my own site for 11 years now with no problems. If, however, I had a site that I felt was growing too large in visitors I would probably use a hosting company out of respect for my ISP to help reduce any stress on their lines, but I have always made it clear to them that I do host my own sites.

I have decided to start everything from new as there are far too many files to check, but I have noticed there has been a new release of the XAMPP which I use, so I will install that and see how things go :) This time I'm not going to clear any logs no matter how large they grow :mrgreen:
squeek
Registered User
Posts: 173
Joined: Sat Jan 20, 2007 12:43 am

Re: help possibly hacked

Post by squeek »

Just a quick update: I've installed the new release of XAMPP and copied my forum files, including my forum database, over and now everything seems to be running good. Seems all the UDP flooding has stopped now. I have installed pg2 and kept it running so I can check for signs of flooding, but all seems to be running fine.

Having said that, I think it's safe to say my phpBB3 files are safe and secure and I am hoping my database is still intact. They must have just hacked only my server, thank god. Servers are easily replaced but a forum's content and all the hard work can't. I can't thank you guys enough for the help, much appreciated.

I think this topic can be marked as solved :)