Page 1 of 1

Hacking reports. Where do they go?

Posted: Mon Sep 17, 2007 12:44 pm
by Myspoonistoobig
My board was "hacked", and I don't really need support with it, I just want to submit a report of the incident in case it's helpful in patching up whatever phpbb3 hole they used to do it. It was a very wimpy hack, merely changing config.php, so I can fix it easy enough

Do such reports go in the incident tracker, or the security tracker? or, somewhere else?

It appears they went in through the mod panel, since the most recently modified files in my phpbb3 installation's directory are config.php and the cache, and the couple of changed cache files indicate usage of the mod panel. Should I upload those as an attachment?

It was an RC4 install. Should I still report it? After all, it could be something unpatched in RC5 (and again, I don't need help or advice on fixing my board, so posting "you can fix this by keeping up to date!" is just spamming)

Re: Hacking reports. Where do they go?

Posted: Mon Sep 17, 2007 5:26 pm
by SamG
Incident tracker. I don't think it will matter if it is an RC4 installation. The team can decide the relevance. Thanks.

Re: Hacking reports. Where do they go?

Posted: Mon Sep 17, 2007 5:28 pm
by karlsemple
'When filing incident you should have ready a full backup of the forum files and database from the time of the hack and the access logs from the time of the hack. Then we can investigate and try and determine if phpBB was at fault and is so...where and how :)

Re: Hacking reports. Where do they go?

Posted: Tue Sep 18, 2007 11:01 am
by spy2000
access logs? can u explain how to get it?

Re: Hacking reports. Where do they go?

Posted: Tue Sep 18, 2007 11:05 am
by c4gamerz
well it maybe coz of improper permissions of config.php my scripts were hacked many times coz of this small mistakes lolz you can do one thing there was a site which encode or decode ( i dont know ) so i encoded my config.php :) now atleast hacker cant access to my database :)

Re: Hacking reports. Where do they go?

Posted: Tue Sep 18, 2007 11:15 am
by SamG
spy2000 wrote:access logs? can u explain how to get it?
I think Karl is talking about server logs. They have to be obtained through some other resource than phpBB, generally through a tool or download made available by the web host.

Re: Hacking reports. Where do they go?

Posted: Tue Sep 25, 2007 10:32 am
by spy2000
c4gamerz wrote:well it maybe coz of improper permissions of config.php my scripts were hacked many times coz of this small mistakes lolz you can do one thing there was a site which encode or decode ( i dont know ) so i encoded my config.php :) now atleast hacker cant access to my database :)
this is awful, can you share, how can we encode config.php file?

Thanks & regards.

Re: Hacking reports. Where do they go?

Posted: Fri Oct 05, 2007 2:51 pm
by net83it
how is it possibile for an hacker to rewrite files in to 777 folders? i think it is necessary a bug/hole in the script. right? if yes, how discover this hole?

thank you

Re: Hacking reports. Where do they go?

Posted: Fri Oct 05, 2007 3:52 pm
by cybrid23
Myspoonistoobig wrote:I don't really need support with it, I just want to submit a report of the incident
Since the OP wasn't asking for support and as all incidents need to be submitted using the Incident Tracker, I am closing this topic as it is turning more into more of a discussion than support.

There is no need to go in to a frenzy. There are hundreds of non-phpBB related ways boards get hacked, and until a report is submitted and checked there is no way to tell if it was even through phpBB. Most of the ones I have seen lately are coming through the server side itself due to out of date apps one the server, again, not phpBB.