Thread: phpbb forum hacked

  1. #11
    Junior Member | Join Date: Mar 2005 | Posts: 7
    Thanks, info passed on to owner. Hopefully he will find something.

  2. #12
    Senior Member RoadClosed | Join Date: Jun 2003 | Posts: 3,834
    He's operating off a stolen dial-up address outside the United States huh? DHs like that piss me off.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #13
    Just Another Geek | Join Date: Jul 2002 | Location: Rotterdam, Netherlands | Posts: 3,401
    Originally posted here by RoadClosed
    He's operating off a stolen dial-up address outside the United States huh? DHs like that piss me off.
    If he's smart he'll have a few more stacked somewhere. Pretty easy to come by these days, unfortunately.

    Morgue: Is the site hosted? Do they also maintain the database?
    If that's the case odds are only your site got hosed.
    Do they also make backups or do you have to take care of that yourself?

    Did you change anything to the source of phpBB?
    If you didn't change anything you could download the same version from a trusted source and diff it. Anything he changed (backdoors i.e.) will pop up. But then again, he probably only added himself as an admin to your site so he can change things at will.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #14
    Junior Member | Join Date: Mar 2005 | Posts: 7
    Originally posted here by SirDice

    If he's smart he'll have a few more stacked somewhere. Pretty easy to come by these days, unfortunately.

    Morgue: Is the site hosted? Do they also maintain the database?
    If that's the case odds are only your site got hosed.
    Do they also make backups or do you have to take care of that yourself?

    Did you change anything to the source of phpBB?
    If you didn't change anything you could download the same version from a trusted source and diff it. Anything he changed (backdoors i.e.) will pop up. But then again, he probably only added himself as an admin to your site so he can change things at will.
    The site is hosted by fluxservices.com; as I understand it, they had backed it up three days after it was hacked!!! I don't think the owner made a backup.

    Everything was up to date, we had 0.012 installed, except the last patch which came out on 28th Feb, just a few days before we were hacked, only one person had admin, and the source code was default. Maybe he simply guessed the pw, I remember the site owner saying to me, that we had SIX MILLION hits in one month, yet we only have 120-140 registered users, maybe it was a pw scanner running?

  5. #15
    Just Another Geek | Join Date: Jul 2002 | Location: Rotterdam, Netherlands | Posts: 3,401
    Originally posted here by [ACE]MORGUE
    I remember the site owner saying to me, that we had SIX MILLION hits in one month, yet we only have 120-140 registered users, maybe it was a pw scanner running?
    Yes. That's definitely possible. It may take a while but eventually...
    But all those attempts should have been logged somewhere.
    Probably too late now.... but somebody should have noticed that...
    Oliver's Law:
    Experience is something you don't get until just after you need it.
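
A way to look for the logged attempts mentioned in the post above, as an added example that is not part of the original thread. It counts login POSTs per client per hour in web server access logs. Assumptions: Apache "combined" log format, a login script reached at `login.php`, and a hypothetical threshold of 20 per hour; the sample lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "METHOD url proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def login_posts_per_hour(lines, login_path="/login.php"):
    """Count POSTs to the login script, keyed by (client address, day+hour)."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, url = m.groups()
        if method == "POST" and url.split("?", 1)[0].endswith(login_path):
            counts[(ip, when[:14])] += 1  # "10/Jan/2005:03" is day plus hour
    return counts

def noisy_clients(lines, per_hour_threshold=20):
    """Return {address: peak hourly login POSTs} for clients over the threshold."""
    peak = {}
    for (ip, _hour), n in login_posts_per_hour(lines).items():
        peak[ip] = max(peak.get(ip, 0), n)
    return {ip: n for ip, n in peak.items() if n >= per_hour_threshold}

def _line(ip, when, request):
    return '%s - - [%s +0000] "%s HTTP/1.1" 200 5120 "-" "-"' % (ip, when, request)

# Constructed sample: documentation-range addresses and invented timestamps.
SAMPLE = (
    [_line("198.51.100.23", "10/Jan/2005:03:%02d:00" % minute, "POST /forum/login.php")
     for minute in range(40)]
    + [_line("192.0.2.10", "10/Jan/2005:09:15:00", "POST /forum/login.php"),
       _line("192.0.2.10", "11/Jan/2005:20:02:00", "POST /forum/login.php"),
       _line("192.0.2.77", "10/Jan/2005:03:05:00", "GET /forum/viewtopic.php?t=12")]
)

if __name__ == "__main__":
    print(noisy_clients(SAMPLE))
```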

  6. #16
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    but somebody should have noticed that...
    ...and here lies the problem with trusting others with your property... They just don't care about it like you do....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #17
    Junior Member | Join Date: Mar 2005 | Posts: 7
    Assuming it had been noticed, what steps could have been taken to stop such an attack?

  8. #18
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    Firewall rules would have been a good start - block the offending IP entirely. IDS would have been useful too. Maybe even packet dump all activity from the IP and allow it to break your BBS and then see how he is getting in. It really depends upon your strategy and intent.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #19
    Just Another Geek | Join Date: Jul 2002 | Location: Rotterdam, Netherlands | Posts: 3,401
    Firewall rules would be a good start to block. In the meantime I would send the logs I already got to the ISP of the offending IP. If that ISP is any good they would take that "stolen dial-up" off the net. If you keep this up he (marx) will quickly run out of options. That ISP may even help you to find out who is using that "stolen dial-up".

    There's also an 'unethical' way to track the culprit. If he (marx) can hijack that PC, chances are you can do it too. Install some monitoring software on it and wait until he tries again. That will bring you one step closer to him. At least it'll give you an idea where he's coming from. Beat him at his own game. But as I said it's rather unethical and probably illegal.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
