1 (edited by NiCk Newman 2008-04-11 23:01)

Topic: I just got hacked..

Wow, some kid registered @ my site with the username: Null

and somehow sent me a message

This site has been compromised and here's some proof showing all your information. Fix the security flaw or you WILL be hacked. Fair warning. http://i28.tinypic.com/bex8vc.jpg Mr. X - mrx_2008@linuxmail.org

That's the real picture of my password too, I changed it tho :D


my site www.24-7Gt.com

I can't do anything now.. wtf

Re: I just got hacked..

Hmm, if you get on IRC right now and/or email me with enough details to see your access log (and give me admin access on your forum), I should be able to check out and see how he did it.

Re: I just got hacked..

what ver of punbb are you using?

This looks like the vulnerability re cookies that 1.2.17 has fixed.

4 (edited by NiCk Newman 2008-04-11 23:31)

Re: I just got hacked..

this is 1.12.7..

the latest :o

smartys i go on

wait what's the irc channel ?

where do I go to login, lol

Re: I just got hacked..

Quakenet, #punbb

6 (edited by NiCk Newman 2008-04-11 23:36)

Re: I just got hacked..

what does quakenet mean?
where do I go to LOGIN AT?

Re: I just got hacked..

lol
Try this:
http://www.mibbit.com/
Server is Quakenet.org
Channel is #punbb
No password
Nickname is whatever you want (no spaces)

Re: I just got hacked..

Just so everyone knows, my current opinion of the source of the hack, stated nicely, is that you generally get what you pay for with shared hosting and a $1.99 per month host is worth every penny (that is to say, very little).

Re: I just got hacked..

I don't know if that's the problem tho, because you have seen my cookie seed?

Re: I just got hacked..

Which has absolutely no relevance here. The cookie seed does not allow someone to change your cPanel password or view your config.php file. And to see the cookie seed you need to have access to config.php in the first place.

11 (edited by NiCk Newman 2008-04-12 02:35)

Re: I just got hacked..

Wow, I can't even go to woeps.com or my site. Sometimes I can, then when I try to get into cPanel it kicks me off my host's IP.. WOW..

Ok, I've requested a new pass via support ticket :D

Re: I just got hacked..

wooo... this is intense.. did you guys find the vulnerability yet

MyFootballCafe.com  is Now Online!

13

Re: I just got hacked..

Yea the kid is a n00b and should pay for better hosting.

Wouldn't this be a method with MySQL injection?

Re: I just got hacked..

I very much doubt there is a vulnerability, other than a bad host. Of course, I can't really investigate too much, since the host still has my IP banned for trying to log in to his cPanel account too much.

Re: I just got hacked..

I'm sure it's not my host, LoL.

It's prob my fault for editing my PHP files w/o knowing PHP etc..

This host has full cPanel and it's woeps.com. It's good. lol

16 (edited by Utchin 2008-04-12 20:31)

Re: I just got hacked..

Well:

In theory, anyone with a shell/login to the webhost via telnet or at the console will be able to write to your file if they have access to your web directory. No-one without FTP access will be able to change things from the web, it's only people with access to the server you need to worry about.


So your host has prob given out shell access to someone on the server (which looks like they oversell) and they have left a port open!

And Nick, what's your MSN??

Sorry. Unactive due to personal life.

Re: I just got hacked..

Oh look, your host has its own domain name. And cPanel? Of course they're trustworthy! I mean, those are two very big, important hosting things. It's not like you can buy a domain name for $10 and get cPanel for < $100 (or for free, if it's a cracked copy). And let's not forget their great deals: they offer free hosting AND they offer unlimited bandwidth and hard drive space for under $5 per month! It's not like computer space really costs more than that....
Seriously. I mean, it's certainly possible that one of your modifications allowed the hacker to take control of your forum AND get the password for your cPanel, but I doubt it.

18

Re: I just got hacked..

Look, to keep you happy and to save everyone the hassle I'll give you a cPanel account!


Re: I just got hacked..

Not to mention the possibility of the hosting company being serious yet incompetent.
All it takes to get that information is read permission to that file.
This is 99.9% sure not a PunBB security issue.
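
The exposure described in the posts above (another account on the same server reading config.php, or writing into the web directory) shows up in the file-mode bits. The script below is an added example, not part of the thread or of PunBB: the function names, finding labels and sample tree are constructed, and it assumes PHP runs as the account owner so that owner-only modes are workable.

```shell
#!/bin/sh
# Added example (not from the thread). Flags the shared-hosting exposure
# discussed above: a config.php that other local accounts can read, and
# files or directories that any local account can write to.

# audit_webroot DIR
# Prints one finding per line: "<FINDING> <path>".
audit_webroot() {
    root=$1
    # config.php holds the DB password and cookie seed; group/other read
    # bits mean another account on the same server may be able to read it.
    find "$root" -type f -name 'config.php' \( -perm -040 -o -perm -004 \) -print |
        sed 's/^/CONFIG_READABLE_BY_OTHERS /'
    # World-writable entries can be modified by any local user.
    find "$root" \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD_WRITABLE /'
}

# count_findings DIR -> number of findings
count_findings() {
    audit_webroot "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: one exposed forum, one locked-down forum.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/forum_a/cache" "$d/forum_b"
    printf '<?php $db_password = "constructed-sample"; ?>\n' > "$d/forum_a/config.php"
    printf '<?php $db_password = "constructed-sample"; ?>\n' > "$d/forum_b/config.php"
    chmod 644 "$d/forum_a/config.php"   # readable by every local account
    chmod 777 "$d/forum_a/cache"        # writable by every local account
    chmod 600 "$d/forum_b/config.php"   # owner only
    chmod 755 "$d" "$d/forum_a" "$d/forum_b"
    echo "$d"
}

sample=$(make_sample)
audit_webroot "$sample"
rm -rf "$sample"
```

Mode bits are only part of the picture: if the directories above the web root are not traversable by other accounts, a 644 config.php may still be unreachable, so treat a finding as a prompt to check the whole path.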