Somebody just hacked my website phpbb3

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Somebody just hacked my website phpbb3

Post by Intruder »

hacked and changed my admin logging password"how i can change password?", i had to rename the folder of the phbb3! how i can protect my site? thank you!
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51591
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Somebody just hacked my website phpbb3

Post by stevemaury »

If you board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the support toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Re: Somebody just hacked my website phpbb3

Post by Intruder »

i just did downloaded the log from the control panel! and submit them to incident tracker! i had to compress them the 4 files in one rar file!
paintedtruth.com.rar

it happened from about an hour and lucky me i was online, so i had to login throw ftp and rename the folder of the phpbb3 forum!
what should i do right now? how i can retrieve passwords?
User avatar
Lumpy Burgertushie
Registered User
Posts: 68178
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Somebody just hacked my website phpbb3

Post by Lumpy Burgertushie »

if you have truly been hacked, you will be the first that I have heard of.

In phpmyadmin, run the following, which will create an admin user named admin1 with a password of admin. From that point you should be able to get into the ACP. Change your table prefix if it is not phpbb_.

Code: Select all

INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
then you can do whatever you need to do about admin accounts.

there are no known exploits of phpbb3. however, they could have gotten into your server by other means.



robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
Lumpy Burgertushie
Registered User
Posts: 68178
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Somebody just hacked my website phpbb3

Post by Lumpy Burgertushie »

until you are sure that your site has really been hacked, would you mind changing the title of your post to something less likely to start a panic.

thanks,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Re: Somebody just hacked my website phpbb3

Post by Intruder »

My forum phpbb3 has been hacked so easily, i was surprised! i have generate a report throw incident tracker with "the whole log and database!"

i am inside phpmyadmin on my server! i tried to copy paste the following test inside query window, but i got this!
Error

SQL query:

INSERT INTO phpbb_users( user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd )
VALUES ( 3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '' )

MySQL said: Documentation
#1054 - Unknown column 'user_type' in 'field list'
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Re: Somebody just hacked my website phpbb3

Post by Intruder »

i had to delete the whole folder and install the script again! and replaced the folder that i have with the newely installed with a new user name and password! i can log and edit normal! but all my files and members has gone? is there a way to get post back to forum? its not in restore folder! but i saved the whole folder on my pc before delete!
TrZ
Registered User
Posts: 67
Joined: Fri Jul 24, 2009 6:53 pm

Re: Somebody just hacked my website phpbb3

Post by TrZ »

You say you saved the folder, did you save the database before you reinstalled the script?
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Re: Somebody just hacked my website phpbb3

Post by Intruder »

TrZ wrote:You say you saved the folder, did you save the database before you reinstalled the script?
i saved everything but after the hack! as i said again, during the hack i have renamed the /v3/ folder and downloaded the whole folder using ftp to my pc. but now i lost everything! ughhh
Intruder
Registered User
Posts: 20
Joined: Thu Dec 17, 2009 1:01 pm

Re: Somebody just hacked my website phpbb3

Post by Intruder »

Somebody hacked the site again, eliminate Activation per admin! Damn what is going on? look in here!
http://img191.imageshack.us/img191/6079 ... ration.jpg
Image
Pit$Bull
Former Team Member
Posts: 23099
Joined: Sat Dec 02, 2006 4:08 pm
Name: Can't Remember

Re: Somebody just hacked my website phpbb3

Post by Pit$Bull »

stevemaury wrote:If you board has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the support toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70218
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Somebody just hacked my website phpbb3

Post by KevC »

Intruder wrote:Somebody hacked the site again, eliminate Activation per admin!
Turning off your board email will do that by the way.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
Locked

Return to “[3.0.x] Support Forum”