MY SITE GOT HACKED AGAIN USING PHPBB 2.0.19

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

MY SITE GOT HACKED AGAIN USING PHPBB 2.0.19

Post by xmutan » Sun Apr 02, 2006 4:44 pm

hello, i just overwrite my old 2.0.6 files to 2.0.19 files, and now i got hacked AGAIN.

all of my members post messege, doubled.

can anyone help me?

my forum is http://www.modifikasi.com/forum/

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29248
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty » Sun Apr 02, 2006 4:46 pm

So, did you get backed? Or is the problem that the posts are coming out double?

If you were previously hacked, there could be back doors in the database from before yo loaded the 2.0.19 files. Since the IIT doesn't deal with 2.0.6, I suggest you load up the Admin Toolkit and run a secuirty scan.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Post by karlsemple » Sun Apr 02, 2006 4:51 pm

As you are sure you have upgraded correctly to 2.0.19 you will really need report this to the IIT http://www.phpbb.com/support/incidents/
Image

xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

Post by xmutan » Sun Apr 02, 2006 5:04 pm

i have run admin toolkit, all forum are clear.

xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

Post by xmutan » Sun Apr 02, 2006 5:06 pm

just before the post message doubled, there is fffffff in viewforum, below the forum title, and before that "ffffff" things, many post are gone, from 120.000 to 90.000 (i disable my auto prune)

example of the hack:

Code: Select all

i have run admin toolkit, all forum are clear.


i have run admin toolkit, all forum are clear.
all of the post become doubled.[/code]

xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

Post by xmutan » Sun Apr 02, 2006 5:09 pm

and before that, 2 days ago when i still using 2.0.6 with 2.0.19 db patch, i got hacked, autoprune is set to 1 days, my post from 220.000 become 120.000, today that i overwrite all my files to 2.0.19, and got HACKED AGAIN.

could someone help me??

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Sun Apr 02, 2006 6:54 pm

When you restored your database, did you run the toolkit against it again? It is quite possible that the old backup contained extra admins - you could have been attacked some time ago, and they waited a while to make the attack obvious. Then, when you restored the older backup, the back door was put back in...
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

Post by xmutan » Sun Apr 02, 2006 7:55 pm

i didn't backup and restore the db, first, i install new fresh phpBb 2.0.19 using fantastico in /forum2/ folder then i install all the Mod i need, after that, I rename it from /forum2/ to /forum/ and the old /forum/ i renamed it into /forum_backup/ and then copy the config.php from old forum files (2.0.6) to the new forum files (2.0.19)

so i don't make any changes to the DB.

User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Post by karlsemple » Sun Apr 02, 2006 7:57 pm

xmutan wrote: i didn't backup and restore the db, first, i install new fresh phpBb 2.0.19 using fantastico in /forum2/ folder then i install all the Mod i need, after that, I rename it from /forum2/ to /forum/ and the old /forum/ i renamed it into /forum_backup/ and then copy the config.php from old forum files (2.0.6) to the new forum files (2.0.19)

so i don't make any changes to the DB.



same applies, your still using a database which could have been compromised back when you were running 2.0.6...please follow the advice you are being given otherwise i will have to lock this and refer you to the IIT :)
Image

User avatar
Lumpy Burgertushie
Registered User
Posts: 66494
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie » Sun Apr 02, 2006 8:09 pm

bottom line here is that 2.0.19 did not get hacked.

your problems apparently come from an improper update and or hacker files left over from before, or just mistakes made by you or someone else.

if there were any hacks out there for 2.0.19 don't you think that we would have heard of them by now?

I haven't seen one yet that is strictly a hack of the 2.0.19 files.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

xmutan
Registered User
Posts: 26
Joined: Thu Feb 16, 2006 1:14 pm
Contact:

Post by xmutan » Mon Apr 03, 2006 10:40 am

is there any way to backup the username and the password only?

could anyone fixed my forum?

thanks

Locked

Return to “2.0.x Support Forum”