Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: phpbb forum hacked

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    7

    phpbb forum hacked

    Our forum was hacked a few days ago, this is the second time now, is there anyone in here with the skills to track this guy down for us? I'm presenting you guys with a challenge to attain bragging rights!!!!

    I'm not the clan owner, but an admin, if anyone can help I'll ask him to post all relevant information.

    This hacker is threatening us & we suspect that we know who it is, so possibly I have his ip on file, although he claims to have deleted logs & is using a "stolen dial-up connection". I assume by his threats posted below that he intends to target our online game server's FTP next, any help on this would be greatly appreciated, as we are a gaming clan & not really into hacking related stuff.

    As you may be aware, the ACE forums got hacked.

    The hacker sent me an email and reading it, it sounds like somebody we know.



    Here they are and you tell me what you think and if you know if there is anything we can do to track him down.

    I have replied to these emails and told him I already know who he is.



    Email 1



    Hopefully this will teach you a lesson, be careful who you **** with. Don't

    spread **** that isnt true. Next time, it wont just be your forums. I will

    not reveal the source of the attack, however i will tell you that your

    database has been compromised. I am offering a backup of your database taken

    minutes before the attack in agreement that your clan will no longer promote

    several lies pertaining to other clans and their members.



    ~ Marx



    Email 2



    We'll see my friend. Since you have my home address I'm sure you wouldn't

    mind sharing it with me. Also, good luck with the ip address, I don't mind

    telling you that I am running off of a stolen dial up connection outside of

    the states so tracking my ip address with accuracy would be quite a task.

    Also, don't bother with the web logs, all traceable data has been truncated.

    Hope you enjoy the surprises I have embedded for later. As for your site,

    this was no attack against you as your clan surely suffers more than you do.

    I have attached a copy of the backup in a previous email to your hotmail

    address once you realize your forum cant do without it. I'd like to see you

    speed up your game reflexes a bit, your not providing a worthy challenge

    lately. See you in the games,



    ~ Marx

  2. #2
    wow! have you patched fully & completely?

    :-\

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    What version of phpBB are you running?
    There were some vulnerabilities not to long ago.
    These are the ones that were found this month.

    PHPBB Authentication Bypass Vulnerability
    PHPBB Session.PHP Autologin User_Level Privilege Escalation Vulnerability
    PHPBB Multiple Remote Path Disclosure Vulnerabilities
    PHPBB Arbitrary File Deletion Vulnerability
    PHPBB Arbitrary File Disclosure Vulnerability
    PHPBB Privmsg.PHP SQL Injection Vulnerability

    As for recovering.. Backup the data you still trust and start over. There's no way to tell what they may have modified (Marx is hinting about a backdoor).

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Junior Member
    Join Date
    Mar 2005
    Posts
    7
    Thanks for the reply, that looks pretty scary,with so many hacks in a single month, is it worth sticking with phpbb or would it be more secure moving to say invision power boards

    I'll find out what version we were running & post that info.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Are you running AWStats too.... This was a biggie a few weeks ago. PHPBB's site was brought down by this exploit. If you are there is a patch out there for it. Till you get it turn off AWStats.

    Since he seems to be coming in as he pleases you need to consider that the box is compromised and you might have to bring it down and reinstall from scratch.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    As Tiger stated, after so many breakthrus, its advisable to clean and reinstall.
    Please install phpbb 2.0.13 -- current version.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    Junior Member
    Join Date
    Mar 2005
    Posts
    7
    OK, thanks all for the assist, we will "bite the bullet" & do a full re-install, we may move to phpnuke or stay with phpbb.

    In any case, thanks to all.

    [ACE]MORGUE

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    phpnuke? better stay on phpbb.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  9. #9
    Junior Member
    Join Date
    Mar 2005
    Posts
    7
    Originally posted here by cacosapo
    phpnuke? better stay on phpbb.

    Any reason for that? security maybe?

  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Hey Morgue, we had a discussion of portals a few weeks ago I'll post the link. If you are having trouble maintaining the security of PhPBB then going to a product with many more features like PhPNuke may not be a wise choice. Besides, it uses PhPBB as it's Forum!

    //EDIT Here is the link . I see you are new, it's an old thread so don't post in it unless you have something significant to add to the discussion.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •