Topic: Got hacked

I dont know what is going on, but someone has become Administrator in my forum

I think my cPanel is fine.. no intruder in my pc and maybe bugs in Punbb (maybe)

I just change the folder name where punbb installed and go to phpmyadmin to change her level then the fucking gay just leaved

Well.. what should I do big_smile

Re: Got hacked

Did you install the hotfixes?
What other PHP-scripts do you have installed at the same host (DB access may be gained through other script)?
Is it DS/VDS or simple virtual hosting?
Are you sure no-one could get password in non-technical way? :-)
Do you have Apache access-log available for the period when user has changed his group?

anggiawan wrote:

I just change the folder name where punbb installed

This will not possibly save you in case of the real exploit.
Nevertheless, after you find the hole, you'd better reset (fill randomly) all users passwords (starting from yours). If you will not succeed in finding the whole, you may hope that it was a single incident, but it is still better to reset at least admin passwords, when you come to such a conclusion.

Carpe diem

Re: Got hacked

Did you install the hotfixes?

yes

What other PHP-scripts do you have installed at the same host (DB access may be gained through other script)?

nothing

Is it DS/VDS or simple virtual hosting?

dedicated

Are you sure no-one could get password in non-technical way? :-)

I think so

Do you have Apache access-log available for the period when user has changed his group?]

Can you explain more? Do you mean httpd log?

Re: Got hacked

anggiawan wrote:

Can you explain more? Do you mean httpd log?

Yes. Could you investigate it or just zip it (better just a part of log for the period when you think you were hacked) and mail me.

Carpe diem

Re: Got hacked

I dont know if I can access  httpd log.. (actually I dont know where it is lol )  in cpanel or file manager ? I think, only root can access that.

Do you mean "Raw Access Logs" ?

Re: Got hacked

Today there are 3 hotfixes :
- PunBB 1.3 hotfix for a potential SQL-injections at admin users page.
- PunBB 1.3 hotfix for a potential SQL-injections in admin/settings.php for permissions config values.
- PunBB 1.3 hotfix for a potential XSS attack at login page.

I hope those hotfixes will solve my problem, wow very critical bugs roll