I haven't, and I can't find much by searching. It sounds like your server, not phpBB, has been compromised; you need to speak to your host. Make sure you have up-to-date copies of your files and the database; then at least you have a backup in case something goes wrong.
If you believe it may have come via phpBB follow this:
If your board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the Support Toolkit, etc.):
1. Save an archive file comprising copies of all the files (this can be done by creating a zip or tarball of the files).
2. Save a copy of the database.
3. Save the server access logs for the time of the hack (they may be available in the "logs" directory on the server, in your host's control panel or only by request directly from your host).
4. File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board; the proper place for incident reports is the tracker.
"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
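One way to carry out steps 1-3 of the procedure quoted above without altering the board: an added example, not part of the original post and not phpBB's own tooling. It assumes a database dump and the access logs have already been obtained as files, and the function names and manifest layout are hypothetical.

```python
import hashlib, json, tarfile, time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large dumps and logs do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def preserve_evidence(board_dir, out_dir, extra_files=()):
    """Archive the board files and record hashes before anything is changed."""
    board_dir, out_dir = Path(board_dir).resolve(), Path(out_dir).resolve()
    if out_dir == board_dir or board_dir in out_dir.parents:
        raise ValueError("write evidence outside the board directory")
    out_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    files = {}
    for path in sorted(board_dir.rglob("*")):
        if path.is_file() and not path.is_symlink():
            info = path.stat()
            files[path.relative_to(board_dir).as_posix()] = {
                "sha256": sha256_file(path),
                "size": info.st_size,
                # mtime helps spot files changed around the time of the incident
                "mtime_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ",
                                           time.gmtime(info.st_mtime)),
            }
    archive = out_dir / f"board-files-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(board_dir, arcname=board_dir.name)
    manifest = {
        "created_utc": stamp,
        "archive": {"name": archive.name, "sha256": sha256_file(archive)},
        "files": files,
        # database dump and access logs: hashed where they are, not copied
        "extra": {Path(f).name: sha256_file(f) for f in extra_files},
    }
    (out_dir / f"manifest-{stamp}.json").write_text(json.dumps(manifest, indent=2))
    return manifest
```

The archive hash in the manifest lets whoever receives the upload confirm it arrived unmodified.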
Be very careful with these guys.
They are called Bug Poachers.
I wrote an article about them.
See a copy here:
------
Beware of Bug Poachers. There are criminal hackers out there working hard all day long to separate you from your hard earned money.
These hackers are known by several names such as Bug Poachers, Cyber Extortionists, Website Hackers or Grey Hats.
One of the recent hacker scams is that the hacker will hack into your website using SQL injection vulnerabilities. They will make a copy of your database. The hacker will then send you an email telling you that they are a website penetration tester and they are just good guys trying to help you out. They will then either tell you the nature of the problem and ask for a bounty / finder's fee or they will say if you send them money that they will tell you how to secure your website.
In the industry this is known as bug poaching. Bug poaching is a cyber extortion tactic in which a hacker breaks into a corporate network or website and creates an analysis of the network's private information and vulnerabilities.
Here are the problems with what has happened:
- These guys have committed a crime by hacking into your website in the first place and stealing your data. They are criminals trying to extort you.
- Even if you pay them, there is no guarantee that they will not release your data.
- You should never pay off extortionists as they will keep coming back for more.
- You cannot just ignore the problem though. You do actually have a problem that needs to be taken care of: securing your website against future attacks.
If you receive one of these emails, you should do the following:
- Do not reply back to the hacker under any circumstances. Once he knows you are on the hook, it's more likely that something bad will happen.
- Contact your webmaster / website developer or find someone who knows how to fix the security holes on your website, such as a website security specialist.
- Have a battle plan ready in case the hacker does release your data.
MikeP1974 wrote (Tue Apr 17, 2018 12:08 pm): a copy of my data base
A full one? How old is it?
"The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
"But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
"My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
If it's a server vulnerability then your host will have to look into it and fix that. Your host should offer you a backup once every 24 hours. If your site is altered in any way then the backup can be restored, providing that backup doesn't have the altered content. This is why you should make periodic backups yourself. I store mine in an encrypted SFX archive and upload to my personal FTP, Box and burn to DVD every once in a while.
To help mitigate this in the future you can use the following: CloudFlare, which will hide your real IP; CIDRAM, which will prevent certain forms of SQL injection and block cloud-based/host-based connections to your site, among other things; and Ninjafirewall, which offers a free version which I use myself. It has stopped a few hackers already. I wrote about it on my forum and the link is in my Sig. Once again, they offer a free solution. It's the Pro version. The Pro+ version is not free. It would be foolish not to use it for something that's free, especially CIDRAM, which you can find at GitHub. I know the author.
About CloudFlare. The idea behind a reverse proxy is to thwart anyone from seeing your origin IP, mostly to block a DDoS attack. Also, without your real IP a hacker can't Nmap your IP and discover the SSH port, etc., and try to brute force in. The thing is, you need to first set up CloudFlare and then have your host change IPs, then add the new IP to CloudFlare. If this isn't done correctly websites like Crimeflare or domain history websites can't see your origin IP. Also, you need to use a third-party E-mail service and delete the MX record. The MX record will expose your origin IP if you use your host's E-mail. I use Gmail with the SMTP options in phpBB myself; if your site is rather large you might want to use a paid-for solution from Namecheap, which is about $10/year. If you use a shared account your IP may still be hidden, but if you use a VPS you'll need to block all IPs except CloudFlare's, since there is a tool and a website that uses this tool to scan the entire IPv4 space in about 45 minutes, and that website will resolve your domain and IP and expose it.
Most of all, make sure your host has mod_security on. If your host does not even have that then ditch that host. They should also have Suhosin installed.
Note that I'm not affiliated in any way with Google, CloudFlare, Ninjafirewall or Namecheap. I just use these services and I'm passing on the Info. I have helped with bug reports for CIDRAM, which is an open source project at GitHub.
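A check for the "block all IPs except CloudFlare's" advice in the post above, as an added example that is not part of the original post: it scans access-log lines for requests that reached the origin without passing through the proxy. It assumes a combined-format log whose first field is the connecting peer address (no real-IP restoration module), the range list is a snapshot to be refreshed from https://www.cloudflare.com/ips-v4, and the log lines are constructed.

```python
import ipaddress
import re

# Snapshot of Cloudflare's published IPv4 ranges; refresh before relying on it.
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
NETS = [ipaddress.ip_network(cidr) for cidr in CLOUDFLARE_V4]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3})')

def via_cloudflare(ip):
    """True if the peer address belongs to one of the listed proxy ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NETS)

def direct_hits(lines):
    """Return (ip, request, status) for requests that bypassed the proxy."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, request, status = m.groups()
        try:
            if via_cloudflare(ip):
                continue
        except ValueError:
            continue  # first field was a hostname, not an address
        hits.append((ip, request, int(status)))
    return hits

# Constructed sample log (documentation-range addresses stand in for clients).
SAMPLE_LOG = [
    '162.158.90.12 - - [17/Apr/2018:12:01:10 +0000] "GET /viewtopic.php?t=5 HTTP/1.1" 200 5123',
    '203.0.113.50 - - [17/Apr/2018:12:01:14 +0000] "GET /adm/index.php HTTP/1.1" 403 310',
    '104.16.33.4 - - [17/Apr/2018:12:01:20 +0000] "GET /index.php HTTP/1.1" 200 8840',
    '198.51.100.7 - - [17/Apr/2018:12:02:02 +0000] "HEAD / HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in direct_hits(SAMPLE_LOG):
        print("direct-to-origin:", hit)
```

Any hit means the origin address is known to someone and the firewall is still accepting it; once the allow-list is in place this list should stay empty.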
I suggest using strong 128-bit or better passwords to be sure hacking is fruitless; that applies to the database as well as the administrator accounts, etc.
This way you are safe from most attempts to copy databases.
MySQL is only as secure as the server that hosts it.