Is there any way to become "UNhacked"??

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
kabo0m
Registered User
Posts: 9
Joined: Sun Mar 16, 2008 2:46 am

Is there any way to become "UNhacked"??

Post by kabo0m »

I am not the owner but an admin on the forum that is phpBB 2.0.11 and we just got hacked & defaced by a couple of frenchies and we can't get anything back even in the admin panel.

What do you suggest?

This is the forum: --removed
Last edited by ric323 on Wed Sep 24, 2008 11:42 pm, edited 1 time in total.
Reason: Topic icon changed
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Is there any way to become "UNhacked"??

Post by ric323 »

The 'ReadMe Before Posting / Frequently Asked Questions' topic at the head of this forum wrote:
  • My board has been hacked, what do I do?
    Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
    1) Save a copy of the files (simply create a local copy of the files on the server).
    2) Save a copy of the database.
    3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
    4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board; the proper place for incident reports is the tracker.
I have removed your board's URL, as it is not needed here, and the hack may well have left a virus on your website.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
kabo0m
Registered User
Posts: 9
Joined: Sun Mar 16, 2008 2:46 am

Re: Is there any way to become "UNhacked"??

Post by kabo0m »

Thank you for the prompt reply. :)
Elias
Registered User
Posts: 5110
Joined: Sat Feb 25, 2006 4:31 pm
Location: In the Water!
Name: Elias

Re: Is there any way to become "UNhacked"??

Post by Elias »

Well how about starting to update your forum to the last version .23.
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Is there any way to become "UNhacked"??

Post by ric323 »

EY wrote: Well how about starting to update your forum to the last version .23.
Not before following the instructions above, though, or you will destroy the evidence of what happened!

--topic locked, as there is no value in public speculation
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Is there any way to become "UNhacked"??

Post by ric323 »

Just to close off this question, I just received the following PM from the OP.
(I asked and obtained their permission to post it here.)

My original advice to him back then:
ric323 wrote: What version did you have?
There was no security problem in 2.0.22 that would allow anything like that. This is more likely to be a problem with the security of your web host, in which case it won't matter what software you change to. phpBB is only as secure as the environment it is running in.
and his recent update:
kabo0m wrote: Yeah we have since left phpbb and went to SMF as we thought that was the issue ... until SMF got hacked.

The funny thing is the two really smart tech geeks of the forums couldn't figure it out .. searching through logs and code of the forums ..

And then I figured out where the hackers were getting in from! The main website! There was a very simple php uploader for images that was being exploited by the hackers uploading files with names like ahlshdf.php.jpg

Well the uploader would read the last extension but the FTP would read the first one. Thus the hackers were able to execute actions via their php program they wrote. It was quite detailed.

Since then we have disabled the php image uploader and have not gotten hacked since.
Locked
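
The root cause reported in the last post, a name like ahlshdf.php.jpg passing a check that looks only at the last extension, seen from the defending side. This is an added example, not the site's uploader (the thread does not show its code); the function and constant names are hypothetical, and it assumes PHP 7+ with the fileinfo extension and a destination directory from which the web server never executes scripts.

```php
<?php
// Added example: hypothetical names throughout, not the site's uploader.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const MIME_TO_EXTENSION = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// A last-extension check sees "ahlshdf.php.jpg" as a JPEG.
// Require exactly one extension instead of trusting the last one.
function has_single_image_extension(string $clientName): bool
{
    $parts = explode('.', strtolower(basename($clientName)));
    return count($parts) === 2 && $parts[0] !== ''
        && in_array($parts[1], ALLOWED_EXTENSIONS, true);
}

// Validate one entry of $_FILES and store it under a server-chosen name.
// $destDir is assumed to be a directory where scripts are never executed.
function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        throw new RuntimeException('upload failed');
    }
    if (!has_single_image_extension($file['name'] ?? '')) {
        throw new RuntimeException('file name rejected');
    }
    // Decide the type from the content, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (MIME_TO_EXTENSION[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    // The stored name never contains attacker-chosen text or extensions.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

// Constructed sample names; the second is the pattern quoted in the thread.
foreach (['holiday.jpg', 'ahlshdf.php.jpg', '.htaccess', 'a.PNG'] as $name) {
    printf("%-16s %s\n", $name, has_single_image_extension($name) ? 'accept' : 'reject');
}
```

The name check only rejects early; the protection comes from discarding the client's file name and writing to a location where nothing is interpreted as PHP.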
