cdpuvbhfzz.com

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Ideas Centre
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
bethlehemway.com
Registered User
Posts: 2
Joined: Wed Apr 09, 2008 8:17 pm

cdpuvbhfzz.com

Post by bethlehemway.com » Wed Apr 09, 2008 9:10 pm

My forum (phpbb3) has been compromised this evening and is now pointing to the above website.

I don't have a back up as the forum is only days old and I'm very new to this whole game.

Is there a script I can run to reverse the effects of this horrible worm?

User avatar
darcie
Community Team Member
Community Team Member
Posts: 5541
Joined: Thu Jul 27, 2006 9:52 am
Location: Davis, California
Name: Darcie Griffin
Contact:

Re: cdpuvbhfzz.com

Post by darcie » Thu Apr 10, 2008 5:55 am

Hi there. From our "Read Me before posting" http://www.phpbb.com/community/viewtopi ... 543171#iit :
My board has been hacked, what do I do?
Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.
phpBB on Facebook | Site Rules | Former Community Team leader

nemosan
Registered User
Posts: 2
Joined: Mon Jul 09, 2007 9:42 am

Re: cdpuvbhfzz.com

Post by nemosan » Thu Apr 10, 2008 4:11 pm

Hi,

I had this problem last night, and it was caused by an attack on an installation of Coppermine Gallery, whereby a rogue .php script is uploaded (disguised as a .zip or .jpg file) and executed, which adds an iframe tag at the end of every .html and .php file on your webserver.

It took some time to fix all of my files! There's more info at http://forum.coppermine-gallery.net/ind ... 671.0.html

Andy

Locked

Return to “[3.0.x] Support Forum”