Forum Hacked by someone

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
bico
Registered User
Posts: 385
Joined: Thu Aug 12, 2004 6:39 pm
Location: Stockholm, Sweden.
Contact:

Post by bico »

Ok, sorry, my fault!

The extension.inc-file should contain a PHP-variable, $phpEx, with the PHP-file extension assigned to it, which should correspond to the one used by your webspace supplier, normally php.

If you delete that file your PHP-files will not be considered, by phpBB, and thus by the webserver (Apache or equal), to be PHP-files, as they wouldn't have any extensions. Internally, within the phpBB software, PHP file names are built up by appending $phpEx to them.

No extension.inc-file means no $phpBB-variable. No $phpBB-variable means no phpBB-internal PHP-file extensions. No phpBB-internal PHP-file extensions means no working phpBB-forums.
mikecarroll
Registered User
Posts: 11
Joined: Thu Jul 08, 2004 12:56 pm

Post by mikecarroll »

im not with Ipower but it looks like someone installed a redirect hack on my board.skate911.com forum.

Unfortunately i did not do a backup any time in the past so if i dont figure out how to get that redirect outta there looks like im in deep trouble.
Dark
Registered User
Posts: 190
Joined: Sat Jan 12, 2002 9:44 pm
Location: Alberta, Canada
Contact:

Post by Dark »

mikecarroll wrote: im not with Ipower but it looks like someone installed a redirect hack on my board.skate911.com forum.

Unfortunately i did not do a backup any time in the past so if i dont figure out how to get that redirect outta there looks like im in deep trouble.


Look in the simple_header.tpl file and the other header template files.
jacebenson
Registered User
Posts: 17
Joined: Fri Oct 31, 2003 6:09 am
Location: Minneapolis,MN
Contact:

Post by jacebenson »

MrNevets wrote: I am on Ipower and have no shell access to run that command. :(


Well I am also on IPower, but I have not been hacked to my knowledge but I do not want the tedious task of reinstallin my board seeing as how I have a couple mods.

MrNevets: So you cannon get shell access to run the command to updatE?
I guess I could direct that question to any IPOWER user but. yea its late. I need to go to sleep
All Play And No Work
mcdude
Registered User
Posts: 1
Joined: Mon Dec 20, 2004 6:40 am

Post by mcdude »

max_m wrote:
SPX wrote:Someone just hacked my forum. He deleted all the content and (as I has enabled meta tags in order to test something out) made it redirect to his site. I disabled the meta tags with some quick pressing or the Esc key. Luckily, I had a backup of a while ago with not much information loss.
The guy who did it - he redirected to his site. His site is http://www.x-radio.info and his forums are http://www.x-radio.info/forum what an arrogant ass he was. I posted and asked why he did it - the reply: "Because I can."


Whois info for this guy, don't just let it go. Report him and get his site down:


Whois info for his domain: www.x-radio.info
Domain ID:D8702535-LRMS
Domain Name:X-RADIO.INFO
Created On:09-Dec-2004 22:21:23 UTC
Last Updated On:10-Dec-2004 13:40:53 UTC
Expiration Date:09-Dec-2005 22:21:23 UTC
Sponsoring Registrar:R126-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C7921114-LRMS
Registrant Name:Emma Pollard
Registrant Organization:Dilemma Productions
Registrant Street1:25 King Street
Registrant City:Margate
Registrant State/Province:Kent
Registrant Postal Code:CT9 1AX
Registrant Country:US
Registrant Email: [email protected]
Admin ID:C7921117-LRMS
Admin Name:Emma Pollard
Admin Organization:Dilemma Productions
Admin Street1:25 King Street
Admin City:Margate
Admin State/Province:Kent
Admin Postal Code:CT9 1AX
Admin Country:US
Admin Email: [email protected]
Billing ID:C7921116-LRMS
Billing Name:Emma Pollard
Billing Organization:Dilemma Productions
Billing Street1:25 King Street
Billing City:Margate
Billing State/Province:Kent
Billing Postal Code:CT9 1AX
Billing Country:US
Billing Email: [email protected]
Tech ID:C7921115-LRMS
Tech Name:Emma Pollard
Tech Organization:Dilemma Productions
Tech Street1:25 King Street
Tech City:Margate
Tech State/Province:Kent
Tech Postal Code:CT9 1AX
Tech Country:US
Tech Email: [email protected]
Name Server:NS1.DIGITAL-PRINCESS.COM
Name Server:NS2.DIGITAL-PRINCESS.COM


Obtained at:
http://www.whois.sc/x-radio.info

These clowns have hacked quite a few forums as they were bragging about their "hits" on their forum but have now deleted them.

We should floodnet their server.
Dark
Registered User
Posts: 190
Joined: Sat Jan 12, 2002 9:44 pm
Location: Alberta, Canada
Contact:

Post by Dark »

Flooding their server with a DoS attack will make you no better than them, their Whois information and bring it to your hosting company, their hosting company and also their Internet Service Provider. Make sure you still have copies of the changed pages, etc. Work with your hosting provider to gain logs off their server to track them down also.
Flyspray
Registered User
Posts: 6
Joined: Fri Nov 05, 2004 7:53 pm

Post by Flyspray »

I to was hacked and was running the latest version. Back up your web site, It's pretty much all you can do.
op76
Registered User
Posts: 111
Joined: Thu Oct 10, 2002 11:01 pm
Location: Finland
Contact:

Post by op76 »

I´ve been hacked twice. First time only index.php disappeared, but this second time, whole phpBB-root was empty. Directories were still there (actually in double, admin, admin1, cache, cache1 etc). Is there anything todo? I´m currently running 2.0.6, because I´ve made quite a lot modifications on it, and i´m lazy to start it all over again :(
Dark
Registered User
Posts: 190
Joined: Sat Jan 12, 2002 9:44 pm
Location: Alberta, Canada
Contact:

Post by Dark »

op76 wrote: I´ve been hacked twice. First time only index.php disappeared, but this second time, whole phpBB-root was empty. Directories were still there (actually in double, admin, admin1, cache, cache1 etc). Is there anything todo? I´m currently running 2.0.6, because I´ve made quite a lot modifications on it, and i´m lazy to start it all over again :(


Only thing i can say is get off your lazy ass and upgrade, as you can see it is more work to redo something after the hacker has already been there. 2.0.6 is a very old version of phpBB and should be upgraded, there is a few methods listed in the install.html on how to do it with a lot of MODs so i suggest reading up.
scottd
Registered User
Posts: 6
Joined: Thu Aug 26, 2004 3:28 pm

Post by scottd »

I was running 2.0.10 and was just just hacked. I have a backup and I am trying to restore but keep getting an error message. Ill post that in a different thread.
Spodey
Registered User
Posts: 20
Joined: Mon Feb 02, 2004 5:51 pm
Contact:

Post by Spodey »

I have been hacked twice. Once on 2.06, once at 2.0.11. Both modded.

Am I to assume there isn't actually a secure version of phpBB at the moment? I'm getting increasingly tempted by the idea of vB...
Dark
Registered User
Posts: 190
Joined: Sat Jan 12, 2002 9:44 pm
Location: Alberta, Canada
Contact:

Post by Dark »

Spodey wrote: I have been hacked twice. Once on 2.06, once at 2.0.11. Both modded.

Am I to assume there isn't actually a secure version of phpBB at the moment? I'm getting increasingly tempted by the idea of vB...


What version of PHP is running on the server there seems to be a security issue with 4.3.x so upgrading to 4.3.10 is needed.
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham »

There are 3 possible ways you coul have been hacked on 2.0.11 from your description

THe php issue mentioned above
Backdoors left behind from the previous hacking - most of the hackers that we have seen ahve done exactly this
Insecure MODs - we can give no guarantees about the security of every single MOD out there.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
Trueliar
Registered User
Posts: 7
Joined: Tue Dec 07, 2004 12:04 pm

Post by Trueliar »

the better thing to do is to ignore him while he CANNOT be a decent person :) that's enough ...... because only idiots are acting like him.

Ah. at least you can send a notification email to his isp for ABUSE explaining in a polite manner what happened.
Darth Evad
Registered User
Posts: 14
Joined: Mon Jun 07, 2004 10:10 pm
Location: Ontario, Canada
Contact:

Post by Darth Evad »

i got my site hacked.
all .php and .html extention files got re-written. this is a problem with the host not the forums.
all my db data are still ok.

what is the best way to restore my forum?
i assume it's to backup the db and re-install and then replace the db.

any suggestions?

please and thanks.
Locked

Return to “2.0.x Support Forum”