Hacking reports. Where do they go?

Myspoonistoobig · Post by **Myspoonistoobig** » Mon Sep 17, 2007 12:44 pm

My board was "hacked", and I don't really need support with it, I just want to submit a report of the incident in case it's helpful in patching up whatever phpbb3 hole they used to do it. It was a very wimpy hack, merely changing config.php, so I can fix it easy enough

Do such reports go in the incident tracker, or the security tracker? or, somewhere else?

It appears they went in through the mod panel, since the most recently modified files in my phpbb3 installation's directory are config.php and the cache, and the couple of changed cache files indicate usage of the mod panel. Should I upload those as an attachment?

It was an RC4 install. Should I still report it? After all, it could be something unpatched in RC5 (and again, I don't need help or advice on fixing my board, so posting "you can fix this by keeping up to date!" is just spamming)

SamG · Post by **SamG** » Mon Sep 17, 2007 5:26 pm

Incident tracker. I don't think it will matter if it is an RC4 installation. The team can decide the relevance. Thanks.

karlsemple · Post by **karlsemple** » Mon Sep 17, 2007 5:28 pm

'When filing incident you should have ready a full backup of the forum files and database from the time of the hack and the access logs from the time of the hack. Then we can investigate and try and determine if phpBB was at fault and is so...where and how

spy2000 · Post by **spy2000** » Tue Sep 18, 2007 11:01 am

access logs? can u explain how to get it?

c4gamerz · Post by **c4gamerz** » Tue Sep 18, 2007 11:05 am

well it maybe coz of improper permissions of config.php my scripts were hacked many times coz of this small mistakes lolz you can do one thing there was a site which encode or decode ( i dont know ) so i encoded my config.php

now atleast hacker cant access to my database

SamG · Post by **SamG** » Tue Sep 18, 2007 11:15 am

spy2000 wrote:access logs? can u explain how to get it?

I think Karl is talking about server logs. They have to be obtained through some other resource than phpBB, generally through a tool or download made available by the web host.

spy2000 · Post by **spy2000** » Tue Sep 25, 2007 10:32 am

c4gamerz wrote:well it maybe coz of improper permissions of config.php my scripts were hacked many times coz of this small mistakes lolz you can do one thing there was a site which encode or decode ( i dont know ) so i encoded my config.php now atleast hacker cant access to my database

this is awful, can you share, how can we encode config.php file?

Thanks & regards.

net83it · Post by **net83it** » Fri Oct 05, 2007 2:51 pm

how is it possibile for an hacker to rewrite files in to 777 folders? i think it is necessary a bug/hole in the script. right? if yes, how discover this hole?

thank you

cybrid23 · Post by **cybrid23** » Fri Oct 05, 2007 3:52 pm

Myspoonistoobig wrote:I don't really need support with it, I just want to submit a report of the incident

Since the OP wasn't asking for support and as all incidents need to be submitted using the Incident Tracker, I am closing this topic as it is turning more into more of a discussion than support.

There is no need to go in to a frenzy. There are hundreds of non-phpBB related ways boards get hacked, and until a report is submitted and checked there is no way to tell if it was even through phpBB. Most of the ones I have seen lately are coming through the server side itself due to out of date apps one the server, again, not phpBB.

advertisements