Hacker attacking my forum! pls help!

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
tobytgb
Registered User
Posts: 6
Joined: Tue Apr 07, 2020 2:01 pm

Hacker attacking my forum! pls help!

Post by tobytgb »

This morning my site started to act really weird were nobody could login or register. I thought it was just an error and noticed that the ucp.php file server permissions were set to 0000 and that caused the problems with register and login. When i was finaly able to login i see that someone is attacking my forum by updating all extensions, i dont know what to do pls help.

Here is what he did:

Image
Image
tobytgb
Registered User
Posts: 6
Joined: Tue Apr 07, 2020 2:01 pm

Re: Hacker attacking my forum! pls help!

Post by tobytgb »

update:

I tried to move the plugins he updated in /ext to my trash folder in c panel but when i do that the site does not work anymore.
User avatar
EA117
Registered User
Posts: 1681
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Hacker attacking my forum! pls help!

Post by EA117 »

Based on your screen shots -- if it wasn't you or one of your admins who did it -- then it looks like your hosting provider just now updated you from phpBB 3.2.8 to the current phpBB 3.3.0 release.

It's all your existing extensions which are now "incompatible with the current installed phpBB version". The big angry red blob being shown there is how the incompatible extension known issue would present. The "updating extension" entries are what happens during any upgrade.

Do you possibly have your hosting provider set to "automatically update your phpBB for you"? And this never caused an issue for you during the minor phpBB 3.2.x releases, but the jump to phpBB 3.3.0 created greater incompatibility for your existing extensions.

Either that, or whomever else has FTP and admin access to the board should be asked whether they were the ones who did it. But "a hacker" isn't going to upgrade your board to phpBB 3.3.0 for you. Well, maybe a very sick and deranged hacker who is bored from COVID-19 isolation.... πŸ˜†

I'm not sure what would have caused the "permissions 000" on ucp.php; that sounds like a mistake on the part of whomever updated the files to phpBB 3.3.0 files.

But I don't think you're "under attack", and maybe don't have to worry quite so much as you continue to figure out what actually happened here.
tobytgb
Registered User
Posts: 6
Joined: Tue Apr 07, 2020 2:01 pm

Re: Hacker attacking my forum! pls help!

Post by tobytgb »

EA117 wrote: ↑
Tue Apr 07, 2020 3:29 pm
Based on your screen shots -- if it wasn't you or one of your admins who did it -- then it looks like your hosting provider just now updated you from phpBB 3.2.8 to the current phpBB 3.3.0 release.

It's all your existing extensions which are now "incompatible with the current installed phpBB version". The big angry red blob being shown there is how the incompatible extension known issue would present. The "updating extension" entries are what happens during any upgrade.

Do you possibly have your hosting provider set to "automatically update your phpBB for you"? And this never caused an issue for you during the minor phpBB 3.2.x releases, but the jump to phpBB 3.3.0 created greater incompatibility for your existing extensions.

Either that, or whomever else has FTP and admin access to the board should be asked whether they were the ones who did it. But "a hacker" isn't going to upgrade your board to phpBB 3.3.0 for you. Well, maybe a very sick and deranged hacker who is bored from COVID-19 isolation.... πŸ˜†

I'm not sure what would have caused the "permissions 000" on ucp.php; that sounds like a mistake on the part of whomever updated the files to phpBB 3.3.0 files.

But I don't think you're "under attack", and maybe don't have to worry quite so much as you continue to figure out what actually happened here.
Im 99% sure its an attack mate. I looked at the moment it all started what visitors were in the logs in c panel. Check this out:

Image

The first url as referer you see is from an known attack site ( dont visit it) and after that the weird stuff happens. he post sometime that i allowed what looked like a link that i did not click but maybe that post was the code injection that he needed i dunno.

and these pointers makes me believe its attacker:

1. ucp.phb set to 0000 not by me and not by host, this caused to block everyone from logging in the forum including me.
2. admin account not compromised
3. host account / c panel not compromised
4. my own pc is clean

Thats why i think and still think its attacker and i think its still going on as we speak.
tobytgb
Registered User
Posts: 6
Joined: Tue Apr 07, 2020 2:01 pm

Re: Hacker attacking my forum! pls help!

Post by tobytgb »

EA117 wrote: ↑
Tue Apr 07, 2020 3:29 pm
Based on your screen shots -- if it wasn't you or one of your admins who did it -- then it looks like your hosting provider just now updated you from phpBB 3.2.8 to the current phpBB 3.3.0 release.

It's all your existing extensions which are now "incompatible with the current installed phpBB version". The big angry red blob being shown there is how the incompatible extension known issue would present. The "updating extension" entries are what happens during any upgrade.

Do you possibly have your hosting provider set to "automatically update your phpBB for you"? And this never caused an issue for you during the minor phpBB 3.2.x releases, but the jump to phpBB 3.3.0 created greater incompatibility for your existing extensions.

Either that, or whomever else has FTP and admin access to the board should be asked whether they were the ones who did it. But "a hacker" isn't going to upgrade your board to phpBB 3.3.0 for you. Well, maybe a very sick and deranged hacker who is bored from COVID-19 isolation.... πŸ˜†

I'm not sure what would have caused the "permissions 000" on ucp.php; that sounds like a mistake on the part of whomever updated the files to phpBB 3.3.0 files.

But I don't think you're "under attack", and maybe don't have to worry quite so much as you continue to figure out what actually happened here.
Oh wait, you might actually be right :P the whole reason i believed it was hack is because i couldnt login and when i changed the permissions back so i could login, i saw all that stuff that happened from the anonymous user. Before i could login i did upgrade the forum myself through cpanel ... So can you confirm that it would show like this if it was just me ? I might be a stupid idiot after all :P
User avatar
Lumpy Burgertushie
Registered User
Posts: 67913
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Hacker attacking my forum! pls help!

Post by Lumpy Burgertushie »

if you installed phpBB using the files from here, you could not have updated/upgraded from cpanel.
that means that you must have installed phpBB using the cpanel one click.
the cpanel one click is known to cause problems especially upgrades.
I suggest that you make backups especially of the database.

then follow these instructions exactly and in order: https://www.phpbb.com/support/docs/en/3 ... upgrade32/

that way you will be properly upgraded and in the future you will not have problems following the exact same instructions for any new updates/upgrades.
luck,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
EA117
Registered User
Posts: 1681
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Hacker attacking my forum! pls help!

Post by EA117 »

tobytgb wrote: ↑
Tue Apr 07, 2020 4:01 pm
So can you confirm that it would show like this if it was just me ?
Yes, the log entries and the red warning you're getting now would present that way even in response to your own manual or automated upgrade to phpBB 3.3.0. The entries regarding "updating extension" are from the upgrade process itself, and the red "yaml-related" warnings are from phpBB reporting syntax errors in the non-phpBB 3.3.0-compatible extension configuration files.

You're in the same position right now as any phpBB operator who proceeded with a phpBB 3.3.0 upgrade thinking it wouldn't be any harder that prior phpBB 3.2.x updates, and without looking at each and every step of the necessary instructions. Which means you're in plenty of good company here on this site, and need not kick yourself too much. 😁

Before making any final decisions, I'd probably first spend some time looking at your extensions and whether there are phpBB 3.3.0-compatible versions of those extensions, or perhaps YAML configuration file fixes that can be made manually. Since you'll want to know "do I even have the option of updating to phpBB 3.3.0 at this time" based on what extensions you consider critical and might not have a solution for yet, before deciding what steps you really want to take next.
Post Reply

Return to β€œ[3.3.x] Support Forum”