2.0.17 Bug in system... I was Hacked BIG TIME

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
fablespinner
Registered User
Posts: 4
Joined: Sun Aug 14, 2005 8:17 am
Location: California
Contact:

2.0.17 Bug in system... I was Hacked BIG TIME

Post by fablespinner » Sun Aug 14, 2005 8:24 am

I was still setting UP my fable forum... I hadn't had it installed an HOUR, I was still twiddling with the admin and Still in the MIDDLE of filling out crap

suddenly I was HACKED by
KUSANAGI

I immediately banned the IP (203.162.3.147 )


THe new forum isn't even an hour OLD and not even live yet

the [expeltive deleted] changed my admin files and EVERYTHING!

They wrote in the forum name:
HACK BY KUSANAGI

and in the description:
bug in site, I don't want to have to come back

Does anyone kow this person and what more I can do to ban them?

and look at this:

http://network-tools.com/default.asp?host=203.162.3.147

THEY CAME BACK IMMEDATELY UNDER A DIFFERNT IPS!
I COULDN'T BAN THEM FAST ENOUGH

GOOD GOD HE HIT ME WITH 5 MORE IPS!!
NOW up to this:

203.162.3.147
134.76.10.66
152.163.101.8
152.163.100.136
63.195.56.218
165.247.224.14

He put images on my forum next to the forum name link like this:
http://www.zidean.com/zv4_3/213_5771.jpg



I've changed passwords on all my accounts (including control panels not just the admin access) and everything!

He's got some program or something doing this.... look at the IP stats and I was catching him within a minute....
It goes:

IP ADDRESS --------pages-------HITS------BANDWDITH-----TIME

203.162.3.147 ------- 12 ------- 174 ------- 415.69 KB------- 14 Aug 2005 - 01:47
134.76.10.66 ------- 1 ------- 30 -------52.95 KB------- 14 Aug 2005 - 01:48
152.163.101.8 ------- 5------- 5------- 12.78 KB -------14 Aug 2005 - 01:58
152.163.100.136 -------1 -------3------- 41.12 KB------- 14 Aug 2005 - 01:59
63.195.56.218 ------- 16------- 152------- 1.74 MB------- 14 Aug 2005 - 02:09
165.247.224.14 ------- 3 -------31 -------218.64 KB -------14 Aug 2005 - 02:14

The little [expeltive deleted]!

I called my tech support (micfo.com) and he's not getting into my control panels just the Open Source PHPBB board admin panel and they have NO CLUE HOW... and I can't find [expeltive deleted] all info on PHPBB site about security bug fixes...

I'm at my wits end... but it's been 20 minutes now as I blocked him like a hawk and banned him the second I saw a guest user on the board....
no new attacks...

But he's in Vietnam and if the Kusanagi is the same one on that stupid image file he added to my site at one point.... he's 16 years old in Vietnam and it's SCHOOL TIME OVER THERE.


We need a bug fix for 2.0.17 ASAP

No I have no Trojans, Viruses, or other maladies on my system.
Tech at micfo confirms this is an issue with the OpenSource in the PHPBB board.

What more information can I provide to help?

EDIT:
No need for the bad language.
CTCNetwork

User avatar
Anon
Former Team Member
Posts: 7019
Joined: Fri Jan 02, 2004 7:33 am
Location: Christchurch, New Zealand

Post by Anon » Sun Aug 14, 2005 9:01 am

If you're using phpBB 2.0.17, it'll be another program on your website. Make sure that Apache, PHP, MySQL, and any other scripts (like AWStats and phpNuke) are up to date

If they are, you could be on a shared server and are being hacked through another person's website that does have out of date scripts

Lotus05
Registered User
Posts: 119
Joined: Thu Jul 14, 2005 6:54 am
Contact:

Post by Lotus05 » Sun Aug 14, 2005 9:05 am

I was also hacked using 2.0.17.

User avatar
Anon
Former Team Member
Posts: 7019
Joined: Fri Jan 02, 2004 7:33 am
Location: Christchurch, New Zealand

Post by Anon » Sun Aug 14, 2005 9:25 am

As above. If you're using 2.0.17, it's highly unlikely it was phpBB. Are you sure all the software in the server is up to date? What about software on other webserver accounts?

User avatar
-jm-
Former Team Member
Posts: 2024
Joined: Fri Jul 16, 2004 10:56 am
Location: Inside the mind of the machine
Contact:

Post by -jm- » Sun Aug 14, 2005 9:34 am

hi.

Please report your server logs and your server config.

Expecially:
PHP version (there are shameless paid hosts with old and vulnerable php)
mySQL (or other db) version
sw installed and their releases.
If you are on shared servers.

Then provide also an installed MODs list.
-jm- (a.k.a. juanm) - *NO* private support
Hacked?
With so many beautiful colors in the world it’s a shame to make everything black and white - Dennis R. Little
my links: tips&stuff :: stuff only

Freestyle XL
Registered User
Posts: 1608
Joined: Sun Jul 31, 2005 4:09 pm
Contact:

Post by Freestyle XL » Sun Aug 14, 2005 9:37 am

Greetings,

Don't post server logs here. If there is indeed a vulnerability then information from server logs might be used by idiots to hack other forums. Send logs to some support team member.
»AcidTech« »Counter-Strike« »Flower Power« »Getaway« »GreenTech« »Jet«

All styles are updated for phpBB 2.0.21

Lotus05
Registered User
Posts: 119
Joined: Thu Jul 14, 2005 6:54 am
Contact:

Post by Lotus05 » Sun Aug 14, 2005 9:46 am

My php is 4.3.11
My Sql is 4.1.11-standard
I had some mods...user list in admin panel...than both starfoxjt toolkits...and split post mod.

User avatar
-jm-
Former Team Member
Posts: 2024
Joined: Fri Jul 16, 2004 10:56 am
Location: Inside the mind of the machine
Contact:

Post by -jm- » Sun Aug 14, 2005 9:53 am

uhm ... If this isn't the proper place for server logs, then going here to post is probably the best alternative system.
-jm- (a.k.a. juanm) - *NO* private support
Hacked?
With so many beautiful colors in the world it’s a shame to make everything black and white - Dennis R. Little
my links: tips&stuff :: stuff only

User avatar
CTCNetwork
Former Team Member
Posts: 15424
Joined: Fri Dec 19, 2003 3:50 am
Location: In that Volvo behind you!
Contact:

Post by CTCNetwork » Sun Aug 14, 2005 10:11 am

Hi,

If you were "Hacked" it will not necessarily be phpBB that is at fault. It could well be PHP, Apache or one of the proggrams both rely on. It could also be IE...

He could also be using allowed html or even flash to hit your forum. Do you allow either?

Make a report on the aforementioned Security tracker and DO remember to provide the Log files for the server.

Des. . . :wink:
Density:- Not just a measurement~Its a whole way of Life.! ! !
| Welcome! | RTFM!!! | Search! It's Easy! | Problem? | Spam? | Advice! |

Latent
Registered User
Posts: 6
Joined: Mon Nov 01, 2004 9:59 pm

Post by Latent » Sun Aug 14, 2005 11:25 am

i was hacked too (using 2.0.17) i think there is a problem with phpbb ..

straat18
Registered User
Posts: 57
Joined: Fri Aug 05, 2005 12:00 am
Contact:

Post by straat18 » Sun Aug 14, 2005 11:46 am

its not PHPBB trust me, i try to hack my own 2.017 forum no good,, My new host -Hostgator-

my old host -thunderhost- no up to date server files i could get in very easy it was so easy evry could get in that 2.017 forum

just check your host that they update evry thing again
Where Art Becomes Pasion
Request A Sig
My sigs

keithschm
Registered User
Posts: 299
Joined: Sat Oct 02, 2004 7:58 pm

Post by keithschm » Sun Aug 14, 2005 12:19 pm

I was hacked using version 2.0.13 (i was to lazy to upgrade) by the "hitmen". I have his Ip address. I banned him. Then upgraded, then I unbanned him. He has been back several times, and he has not got in.

There has to be somones eleses web site that is on your shared server that has a hole. Contact your host

Lotus05
Registered User
Posts: 119
Joined: Thu Jul 14, 2005 6:54 am
Contact:

Post by Lotus05 » Sun Aug 14, 2005 12:46 pm

Hey your server has been down for some time? Hasnt it?
It is an unsafe software, and that is the end.
But because it is so nice we keep using it.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29246
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty » Sun Aug 14, 2005 1:35 pm

I'll just put my word in then,
while it is of course possible that a person has found a new security hole in phpBB, it is unlikely since when an exploit is discovered, it is spread very fast and many boards get hacked. There has not been a spike in phpBB hacks and I will say that I am 99% positive it isn't phpBB that is to blame
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

ComputerBob
Registered User
Posts: 239
Joined: Tue Jun 29, 2004 2:16 am
Location: The Gulf Coast of the Sunshine State
Contact:

Post by ComputerBob » Sun Aug 14, 2005 2:24 pm

Anon wrote: If they are, you could be on a shared server and are being hacked through another person's website that does have out of date scripts
Anon wrote: Are you sure all the software in the server is up to date? What about software on other webserver accounts?
-jm- wrote: Expecially:
....If you are on shared servers.
keithschm wrote: There has to be somones eleses web site that is on your shared server that has a hole. Contact your host

All of those replies imply that, if you're using shared hosting (which I bet the majority of phpBB admins are), then your totally updated forums can be hacked if anyone else's forums on that shared server aren't using the latest version of phpBB.

Is that just FUD, or is it true that hackers can get into my updated forums through any of the 200+ other sites that use the same shared Webhost as I do? If so, that seems like a huge security risk.
ComputerBob - Making Geek-Speak Chic™
http://www.computerbob.com
One Of The Largest One-Person Sites In The World
With Tons of Information, Software, Help, and Fun

Locked

Return to “2.0.x Support Forum”