Got hacked through the forum.

william.menech
Registered User
Posts: 5
Joined: Wed Jan 07, 2015 6:54 am

Got hacked through the forum.

Post by william.menech »

Hello All, I began a subdomain of my website for my forum. Within a few months my site got hacked through the forum. Is there a way to prevent this in the future? I would like to recreate my forum but have fear of getting hacked again. :?:
Last edited by Brf on Thu Jun 09, 2016 2:32 pm, edited 1 time in total.
Reason: removed spam
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am

Re: Got hacked through the forum.

Post by Lumpy Burgertushie »

if you got hacked from phpbb then you would be the first one to have that happen since phpbb 3 came out in 2007.

what exactly happened?
why do you think you were hacked and why do you think it happened from phpbb?


robert
Holger
Registered User
Posts: 1883
Joined: Tue Mar 12, 2002 3:54 pm
Location: Hannover

Re: Got hacked through the forum.

Post by Holger »

What phpBB version are you running? Have you modified the code? What PHP version? What other SW/application are you running?
I think you got hacked in some other way, but not through phpBB.
Most likely you got hacked through your hoster because something was not up to date.
Marc
Development Team Leader
Posts: 5657
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc

Re: Got hacked through the forum.

Post by Marc »

If you think you got hacked through phpBB, the recommended way of handling this is to contact us through our incident tracker:
https://tracker.phpbb.com/projects/INCIDENT

You should be able to log in with your www.phpbb.com account. Please make sure to include information like access logs, error logs, etc. from your website at the suspected time of the hack.
Joe.
Registered User
Posts: 2
Joined: Fri Sep 04, 2015 10:33 am
Name: Joe Wober

Re: Got hacked through the forum.

Post by Joe. »

Sorry to hear about that :(
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Got hacked through the forum.

Post by 2600 »

> Lumpy Burgertushie wrote:
> if you got hacked from phpbb then you would be the first one to have that happen since phpbb 3 came out in 2007.
>
> what exactly happened?
> why do you think you were hacked and why do you think it happened from phpbb?
>
> robert

:lol: This site was hacked and I read the hacker's blog on how he did it. Keyword: mod_security.
MichaelC
Consultant
Posts: 3642
Joined: Mon Dec 21, 2009 3:36 pm
Location: London, UK
Name: Michael Cullum

Re: Got hacked through the forum.

Post by MichaelC »

> John connor wrote:
> > Lumpy Burgertushie wrote:
> > if you got hacked from phpbb then you would be the first one to have that happen since phpbb 3 came out in 2007.
> >
> > what exactly happened?
> > why do you think you were hacked and why do you think it happened from phpbb?
> >
> > robert
>
> :lol: This site was hacked and I read the hacker's blog on how he did it. Keyword: mod_security.

I'm not entirely sure what you're referencing here. Please could you confirm [in private if sensitive]?
:)
Formerly known as Unknown Bliss.
Formerly Website Team Lead/Manager & Development Team.
Please don't PM me for support (or stuff that belongs in the forums or tracker) but otherwise feel free
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am

Re: Got hacked through the forum.

Post by Lumpy Burgertushie »

not sure that is even true, however, if they got in through "mod_security" then that has nothing to do with phpbb. that is a server software/system.

if you can hack into a server at the server level, then anything and everything on that server is open to you.

you cannot get to the server through phpbb unless you have the ftp and/or the database login.


robert
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco

Re: Got hacked through the forum.

Post by 3Di »

> John connor wrote:
> > Lumpy Burgertushie wrote:
> > if you got hacked from phpbb then you would be the first one to have that happen since phpbb 3 came out in 2007.
> >
> > what exactly happened?
> > why do you think you were hacked and why do you think it happened from phpbb?
> >
> > robert
>
> :lol: This site was hacked and I read the hacker's blog on how he did it. Keyword: mod_security.

This site was hacked in 2009 and it was NOT a mod_security issue but, instead, an issue with a third-party software it employed (PHPlist). :geek: Before that it was in 2005, not a mod_security issue. Then I guess in 2014, but that was because they stole and abused the login credentials of a phpBB team member.
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am

Re: Got hacked through the forum.

Post by Lumpy Burgertushie »

none of which was hacked through phpbb. the phplist was a mailing list software that was hacked and gave them access to the server that it and phpbb were installed on.

when someone has your username/password that is not considered hacking and no software can keep out someone that has the correct login to access it.

not trying to be a fanboy here, just like to keep it to the facts. I am not aware of a single time that phpbb3 has been actually hacked through its code etc.


robert
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Got hacked through the forum.

Post by 2600 »

Yeah, it was PHPlist. https://blog.sucuri.net/2013/09/securit ... b-com.html

Could have sworn there was an early hack involving some leaked passwords. Maybe that was just a website/server issue or something. It was like last year when the site was down for like three weeks.

Edit-

Yeah, 2014 https://theadminzone.com/threads/phpbb- ... 392/page-2

Here's the announcement. viewtopic.php?f=14&t=2283426

Was a server attack. It's why I mask my IP with CloudFlare and delete the MX record and use Gmail as the E-mail service. The MX record gives away the real IP. I have yet to find my real IP with a CloudFlare resolver. It does show the old IP though. That's because I wasn't using CF and those CF resolver websites grabbed it in the plain.
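
The concern in the post above, that a mail-related DNS record can publish a server's real address next to proxied web records, can be checked against your own zone. This is an added example, not part of the thread: the zone contents, the address ranges and the function names are constructed, and it also looks at plain A records and SPF `ip4:` entries, which the post does not mention.

```python
import ipaddress

# Constructed sample data using documentation address ranges (assumptions):
# 203.0.113.0/24 stands in for the proxy's edge range, 198.51.100.7 for the
# origin server the proxy is meant to hide.
PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ZONE = """\
example.org.       A    203.0.113.10
www.example.org.   A    203.0.113.10
mail.example.org.  A    198.51.100.7
example.org.       MX   10 mail.example.org.
example.org.       TXT  "v=spf1 ip4:198.51.100.7 -all"
"""

def parse_zone(text):
    """Split simple 'name type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            records.append((parts[0].lower(), parts[1].upper(), parts[2].strip()))
    return records

def is_proxied(addr):
    """True when the address falls inside one of the proxy networks."""
    return any(ipaddress.ip_address(addr) in net for net in PROXY_NETS)

def find_origin_leaks(text):
    """Return (record name, record type, address) for every published non-proxy IP."""
    records = parse_zone(text)
    hosts = {}
    for name, rtype, rdata in records:
        if rtype == "A":
            hosts.setdefault(name, []).append(rdata)
    leaks = []
    for name, rtype, rdata in records:
        if rtype == "A":
            addrs = [rdata]
        elif rtype == "MX":  # follow the mail host to its in-zone A records
            addrs = hosts.get(rdata.split()[-1].lower(), [])
        elif rtype == "TXT" and "v=spf1" in rdata:  # literal ip4: mechanisms
            addrs = [t[4:].split("/")[0] for t in rdata.strip('"').split()
                     if t.startswith("ip4:")]
        else:
            addrs = []
        leaks += [(name, rtype, a) for a in addrs if not is_proxied(a)]
    return leaks
```

Calling `find_origin_leaks(ZONE)` on the constructed zone reports the mail host's A record, the MX record that points at it, and the SPF entry; a zone whose MX points at an external mail provider reports nothing for that record.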
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am

Re: Got hacked through the forum.

Post by Lumpy Burgertushie »

and quoting from that link you posted:

> We determined that on Friday December 12th, unauthorised access to the area51.phpbb.com server was obtained using credentials that had been stolen from a staff member via an outside source. To be clear, this was not done through a vulnerability in the phpBB software.

It was not even a hack. the attackers had the username/password of a staff member which gave them complete access to the server.
it had nothing to do with IP addresses or email servers etc. etc.



robert
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Got hacked through the forum.

Post by 2600 »

I guess it wasn't a "hack" per se. But a hack in technical terms is to circumvent security for malicious intent.

There's hacks & there's cracks. :D
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Got hacked through the forum.

Post by Lumpy Burgertushie »

well, technically they did not circumvent the security of the board/server. they stole the username password and used that. I guess you could say that stealing someone's password is "circumventing" the security.
:)

robert
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Got hacked through the forum.

Post by david63 »

> John connor wrote:
> It's why I mask my IP with CloudFlare

Are you sure about that? I can find your site's IP address in about 30 seconds