[not] Hacked 3.0.4

END OF SUPPORT: 1 January 2017 (announcement)
itchibahn
Registered User
Posts: 1
Joined: Thu Apr 26, 2012 5:06 pm

[not] Hacked 3.0.4

Post by itchibahn » Fri Apr 27, 2012 4:14 am

My forum has been hacked.

I just installed the latest version at the time, during January, v 3.0.4. Haven't advertised the site at all as it's still being worked on. Today, I decided to work on the site and all of a sudden, I have over 70,000 junk advertisement messages and over 8,000 users.

I can't believe someone would actually have time to register 8,000 fake users and post over 70,000 junk messages. This must have been automated somehow, which indicates a huge hole in this version.

I've tried to prune the messages, but got an error:
Fatal error: Out of memory (allocated 89653248) (tried to allocate 35 bytes) in /home/devildat/public_html/forum/includes/search/fulltext_native.php on line 1238.
There are a few legit posts, but I think it's best that I wipe and start over again with the current latest version. This is somewhat scary, is phpBB this easy to hack?

Has anyone been hacked with the current version 2.0.10? What security measures should I take to prevent this from happening?

Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean

Re: Hacked 3.0.4

Post by Erik Frèrejean » Fri Apr 27, 2012 4:20 am

You are being targeted by a spam bot, which has nothing to do with security, as they don't do anything they aren't allowed to do (register and post). Yes, it is annoying, but it is far from being hacked.
First of all, update to 3.0.10, as it contains far better anti-spam measures; after that, have a look at this topic.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: Hacked 3.0.4

Post by Oyabun1 » Fri Apr 27, 2012 5:24 am

The version available from here in January was the latest version 3.0.10, so if the version you used was 3.0.4 it probably wasn't ours.

Unless you've done a lot of work on it you would probably be better off deleting the board and database and starting again with the Latest Version from here. Then immediately implement anti-spam measures such as those Erik pointed you to.
Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge Base Styles Support Extension Requests

Renji
Registered User
Posts: 67
Joined: Wed Apr 25, 2012 2:07 pm

Re: Hacked 3.0.4

Post by Renji » Fri Apr 27, 2012 3:23 pm

Install Anti-Spam mod that works really super mind great :p
I am not greedy! I just want everything :)

Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean

Re: Hacked 3.0.4

Post by Erik Frèrejean » Fri Apr 27, 2012 3:27 pm

Renji wrote: Install Anti-Spam mod that works really super mind great :p
You don't need any anti-spam MODs; as long as you properly configure the built-in system, spam isn't an issue unless you are really targeted. Potentially you can enable the newly registered users group to ensure that no spam gets publicly posted.

Renji
Registered User
Posts: 67
Joined: Wed Apr 25, 2012 2:07 pm

Re: [not] Hacked 3.0.4

Post by Renji » Fri Apr 27, 2012 3:31 pm

Well, that's not always possible. One of my friends' sites is having about more than 1298456 spam bots! Now tell me

Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: [not] Hacked 3.0.4

Post by Oyabun1 » Fri Apr 27, 2012 10:03 pm

Renji wrote: Well, that's not always possible. One of my friends' sites is having about more than 1298456 spam bots! Now tell me
What's the address of that board?

CaNNon_
Registered User
Posts: 392
Joined: Wed Apr 29, 2009 2:07 am

Re: [not] Hacked 3.0.4

Post by CaNNon_ » Fri Apr 27, 2012 10:45 pm

That is an interesting number, I'd like to know how you counted the spam bots?

Renji
Registered User
Posts: 67
Joined: Wed Apr 25, 2012 2:07 pm

Re: [not] Hacked 3.0.4

Post by Renji » Sat Apr 28, 2012 5:19 am

Sorry, same again. He is deleting all the bots... When it's few I will send you a PM. 8-)

KevC
Support Team Member
Posts: 69292
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: [not] Hacked 3.0.4

Post by KevC » Sat Apr 28, 2012 10:23 am

To have that many it's likely the board was installed a few years ago and then just left. Sometimes it's simpler, especially if the content/real user list is very small and/or very old, to just delete the lot and start again.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

Renji
Registered User
Posts: 67
Joined: Wed Apr 25, 2012 2:07 pm

Re: [not] Hacked 3.0.4

Post by Renji » Sat Apr 28, 2012 10:30 am

Neah, he installed last month.

KevC
Support Team Member
Posts: 69292
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: [not] Hacked 3.0.4

Post by KevC » Sat Apr 28, 2012 10:36 am

Never. I've seen popular, long established but abandoned boards getting hit every few minutes with no antispam measures and they're only on 50,000 accounts. You've got 1.2 million! Even if it was installed 8 weeks ago that's nearly 20 spambot registrations a minute.

If the board is that new, you might as well just delete it.

CaNNon_
Registered User
Posts: 392
Joined: Wed Apr 29, 2009 2:07 am

Re: [not] Hacked 3.0.4

Post by CaNNon_ » Sat Apr 28, 2012 3:25 pm

You never replied as to how you counted them, I'd really like to know as it's something I could use.
