You are not logged in. Please login or register.
PunBB Forums → PunBB 1.3 discussion → Got hacked
I dont know what is going on, but someone has become Administrator in my forum
I think my cPanel is fine.. no intruder in my pc and maybe bugs in Punbb (maybe)
I just change the folder name where punbb installed and go to phpmyadmin to change her level then the fucking gay just leaved
Well.. what should I do 
Did you install the hotfixes?
What other PHP-scripts do you have installed at the same host (DB access may be gained through other script)?
Is it DS/VDS or simple virtual hosting?
Are you sure no-one could get password in non-technical way? :-)
Do you have Apache access-log available for the period when user has changed his group?
I just change the folder name where punbb installed
This will not possibly save you in case of the real exploit.
Nevertheless, after you find the hole, you'd better reset (fill randomly) all users passwords (starting from yours). If you will not succeed in finding the whole, you may hope that it was a single incident, but it is still better to reset at least admin passwords, when you come to such a conclusion.
Did you install the hotfixes?
yes
What other PHP-scripts do you have installed at the same host (DB access may be gained through other script)?
nothing
Is it DS/VDS or simple virtual hosting?
dedicated
Are you sure no-one could get password in non-technical way? :-)
I think so
Do you have Apache access-log available for the period when user has changed his group?]
Can you explain more? Do you mean httpd log?
Can you explain more? Do you mean httpd log?
Yes. Could you investigate it or just zip it (better just a part of log for the period when you think you were hacked) and mail me.
I dont know if I can access httpd log.. (actually I dont know where it is 
) in cpanel or file manager ? I think, only root can access that.
Do you mean "Raw Access Logs" ?
Today there are 3 hotfixes :
- PunBB 1.3 hotfix for a potential SQL-injections at admin users page.
- PunBB 1.3 hotfix for a potential SQL-injections in admin/settings.php for permissions config values.
- PunBB 1.3 hotfix for a potential XSS attack at login page.
I hope those hotfixes will solve my problem, wow very critical bugs 
PunBB Forums → PunBB 1.3 discussion → Got hacked
Powered by PunBB, supported by Informer Technologies, Inc.