Topic: My punBB was hacked!!!

yes, my forum was hacked, here is a screenshot.

http://img209.imageshack.us/img209/301/hackeo1og.th.jpg

It wasn't too hard to fix, but I think that other users may lose important data.


bye!

And if the night runs over,
And if the day wont last,
And if the way should falter along the stony pass
It's just a moment, this time will pass!!

Re: My punBB was hacked!!!

you should probably upgrade to 1.2.6 as well ...

Re: My punBB was hacked!!!

Frank H wrote:

you should probably upgrade to 1.2.6 as well ...

yeah... I will,

I've just noticed that the hacker created a new administrator user for himself.


Re: My punBB was hacked!!!

The same thing happened to me. Had to redo a couple things and delete the new administrator. Looks like the hacker figured out how to make himself an admin and then changed some stuff.

Hope the update to 1.2.6 helps.
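
Several posts here report the same sign of compromise: an administrator account that nobody on the staff created. The following is an added example, not part of any post in this thread and not PunBB code; it audits a users table for administrators missing from a known list and for other accounts registered from the same IP. The table layout, the administrator group id of 1 and all sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

ADMIN_GROUP_ID = 1  # assumption: id of the administrators group in this schema


def build_sample_db():
    """Constructed sample data; columns are an assumed PunBB-style users table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, group_id INTEGER, "
        "username TEXT, email TEXT, registered INTEGER, registration_ip TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?, ?)",
        [
            (2, 1, "site_owner", "owner@example.org", 1100000000, "192.0.2.10"),
            (3, 4, "regular_member", "member@example.org", 1110000000, "192.0.2.55"),
            (57, 1, "new_admin", "x@example.net", 1121500000, "203.0.113.7"),
            (58, 4, "second_account", "y@example.net", 1121500300, "203.0.113.7"),
        ],
    )
    return db


def audit_admins(db, known_admin_ids, table="users"):
    """Return (unexpected admin rows, other accounts sharing their registration IP)."""
    # Table names cannot be bound as parameters, so allow only identifier
    # characters (this also covers a configured prefix such as "forum_users").
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", table):
        raise ValueError("invalid table name")
    admins = db.execute(
        f"SELECT id, username, email, registered, registration_ip FROM {table} "
        "WHERE group_id = ? ORDER BY id",
        (ADMIN_GROUP_ID,),
    ).fetchall()
    unexpected = [row for row in admins if row[0] not in known_admin_ids]
    related = []
    for row in unexpected:
        related += db.execute(
            f"SELECT id, username, registration_ip FROM {table} "
            "WHERE registration_ip = ? AND id != ? ORDER BY id",
            (row[4], row[0]),
        ).fetchall()
    return unexpected, related


if __name__ == "__main__":
    rogue, linked = audit_admins(build_sample_db(), known_admin_ids={2})
    print("unexpected admins:", rogue)
    print("same registration IP:", linked)
```

Run it against a copy of the database rather than the live one, and keep the known-administrator list outside the forum so a compromised account cannot edit it.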

Re: My punBB was hacked!!!

I'm not trying to make a political or racial statement here, but is it just me or are most "crackers" from the east? Either from the former Soviet Union or from China/Korea?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

6

Re: My punBB was hacked!!!

The one who hacked my site was from Poland; try checking the IP.

If your people come crazy, you will not need to your mind any more.

Re: My punBB was hacked!!!

The little retard who "cracked" my site (who also appears to have been the same one who got into 555|STi's site) was from Turkey.

8 (edited by Ataxy 2005-07-17 05:13)

Re: My punBB was hacked!!!

Got hacked too. The user used two accounts, one as nft and the other as salla, and it does appear to be the same as you guys.

9 (edited by BadGuyBlog.com 2005-07-17 05:22)

Re: My punBB was hacked!!!

same here, what is going on ?

here is the email address he left muhhakbay@yahoo.com and his IP 81.215.172.186

10

Re: My punBB was hacked!!!

I suspect that the people who do this look at the hdiff-file and locate the security flaw in the old version that way. That's why it's important to update quickly after the release of a new code.
Perhaps it would be an idea to make this forum member-only, so Rickard can compare the cracker IPs with the members and ban them.

11 (edited by Frank H 2005-07-17 10:18)

Re: My punBB was hacked!!!

making this forum member only won't stop people from hacking forums (as the download for PunBB has nothing to do with the forum) ... and smart people use proxies when they go out to destroy other people's things ... so IPs are useless (and you can also fake IPs) ... and as they can inject stuff, they surely can inject some phony email and IPs as well ...

best thing is not to show what PunBB version you have, and to update quickly after each new release...

my guess is that the people doing these things are just some sad script kiddies ... that don't know how to do stuff themselves, but rely on other people's findings and code snippets to exploit flaws ...

Re: My punBB was hacked!!!

Hey, I was one of the users who was hacked but... if we start to think... it was a real hacker, I mean, a well understood hacker, he broke the code, modified some things (title, subtitle) but didn't do any real damage (data loss, db loss, etc...). I'm not justifying, but certainly it could have been worse!
So, as part of a community, instead of trying to know where he is from or where he lives, why not try to know where the security failure is to fix it. I repeat, I'm not justifying his acts, but these things help us to make a better punBB. Thank god he was a "good" hacker.

Bye!


13 (edited by Tobi 2005-07-17 13:33)

Re: My punBB was hacked!!!

BadGuyBlog.com wrote:

same here, what is going on ?

What is going on is that most probably some bored schoolkids read about a flaw in a BB system, then they find as many sites as possible using this system. This is just a Google search away. Then they play around on your board and think they are real hackers.
That's the same thing that became known as the Santy worm, Google even had to block the search for related terms at that time because the "hackers" were at least intelligent enough to use robots for the search.
It affected phpBB and was one good reason not to go with phpBB... smile
Mind you - there is no board without a flaw, punBB 1.2.6 will have its share as well (no offense meant, just experience wink ).
There are some really basic things that you can do.
It will not prevent real hackers from doing damage, it is by no means a serious protection, but it does help against bored teenies finding your site through Google:

Rename viewtopic.php & viewforum.php (as that's what most idiots will be looking for) to something else like foo.php and bar.php, then change the links in all other pages accordingly.

It's a bit of a hassle because you have to do that every time you mod or update but when the next robot (or some really desperate clown doing it manually) searches for punbb boards they will probably not find you.

I know it sounds like a joke and as I said it is really nothing that gives you *real* security, just a bit of obfuscation that doesn't hurt your users.

What really *is* a great security tool is the Apache module mod_security, so if you have your own server I highly recommend that one.
Amongst a lot of other things it filters out requests that are likely to be malicious.

There is a very good article on that one here

The German PunBB Site:
PunBB-forum.de

14

Re: My punBB was hacked!!!

how do you make your forum read only?

-gezz

15

Re: My punBB was hacked!!!

gezz wrote:

how do you make your forum read only?

Excuse me?

What is the sense of making a forum read only???
smile


16

Re: My punBB was hacked!!!

correction, my apologies for the mistake...

MEMBERS only.

but this information is now useless as I found out how to do it smile

-gezz

17

Re: My punBB was hacked!!!

Rickard wrote:

I'm not trying to make a political or racial statement here, but is it just me or are most "crackers" from the east? Either from the former Soviet Union or from China/Korea?

Here most "crackers" come from South America (mostly Brazil) hmm

18 (edited by BadGuyBlog.com 2005-07-19 12:38)

Re: My punBB was hacked!!!

happened again:
User: exodia
Email: ejder4107@hotmail.com
IP: 81.215.172.158

the jerk deleted a whole bunch of forum categories which means he deleted all the related threads within them as well. Thanks, that's just great.

how do I get rid of the images and text here?
http://www.codepie.com/forums/index.php

19

Re: My punBB was hacked!!!

The main bug is in profile.php
This bug stays in 1.2.6 too smile)

Guys, come on!!!!!!!! I'm tired of always reinstalling my hacked forum smile)

1.2.7 - should be more fixed? smile

20

Re: My punBB was hacked!!!

TuXoH, have you set "register_globals = On" in php.ini ?
if so, you MUST change it to "Off".

Re: My punBB was hacked!!!

Rickard wrote:

I'm not trying to make a political or racial statement here, but is it just me or are most "crackers" from the east? Either from the former Soviet Union or from China/Korea?

The one who hacked mine was German. tongue

I don't HAVE a signature, ok?

22

Re: My punBB was hacked!!!

Look at my forum!!! It was hacked yesterday at about 23:30 and it is not true that the hacker is a "good" one. He/she erased about 10.000 posts, so now I am waiting for my hosting provider to recover the latest backup sad

What should I do to prevent him from future hacking (besides from the upgrade from 1.2.5 to 1.2.6)???

Re: My punBB was hacked!!!

Do backups often.

/me speaks French and bad English

Re: My punBB was hacked!!!

Edward wrote:

What should I do to prevent him from future hacking (besides from the upgrade from 1.2.5 to 1.2.6)???

If you won't upgrade to the latest version, you'll have to apply the security fixes manually.


25

Re: My punBB was hacked!!!

I made the upgrade. Am I safe now?