Topic: Been hacked, please help

I logged onto my forum today and found that it had been hacked. Webpage came up saying config.php was missing or corrupt, but there was a title on the page saying "`sei OwnZ your box!" and an icon that looked like this:
http://www.calvarychapelontario.com/images/sei.jpg

I have already renamed my index.php file so no one else can get on until I get this fixed. I have two questions:

1. What do I need to do to repair this?

2. How can I make sure this doesn't happen again?

Thanks!

Paul

Re: Been hacked, please help

1. It depends on what the hacker did. If the hacker didn't touch your database, then I would upload a new copy of config.php (obviously, I would change your usernames/passwords for MySQL/FTP/etc). If the hacker did mess with your database, you'll have to undo whatever they did manually or use a backup.
2. It depends on how you were hacked. What version of PunBB were you running?

Re: Been hacked, please help

You'll also want to look for any backdoors that might be hiding: check all your folders for files you don't remember uploading there (they might have names like email.php and system.php)

Re: Been hacked, please help

Thanks for the reply. Do you recognize this hacker?

I'm running 1.2.14. I had a backup copy of the config.php file so I renamed it and was able to log on. Forum seems to be running okay. Other than changing user name and passwords, any other suggestions?

Paul

Re: Been hacked, please help

> Thanks for the reply. Do you recognize this hacker?

No, I'm afraid not, but I was able to take a look at some stuff on the domain he stored the image on.

> I'm running 1.2.14. I had a backup copy of the config.php file so I renamed it and was able to log on. Forum seems to be running okay. Other than changing user name and passwords, any other suggestions?

Make sure to look for any backdoors he left and try to figure out how he got them in in the first place. It looks like your site is on a dedicated server, so I'm not sure exactly how he would have done it.

Re: Been hacked, please help

> Make sure to look for any backdoors he left and try to figure out how he got them in in the first place. It looks like your site is on a dedicated server, so I'm not sure exactly how he would have done it.

I've never been hacked before. What kinds of things should I look for?

When I attempted to run my forum initially I got this page: http://www.calvarychapelontario.com/hack.html

You can see that this page points to an install.php file!! What's up with that? I renamed the file.

Paul

Re: Been hacked, please help

> I've never been hacked before. What kinds of things should I look for?

Mostly, any files that don't look right. Be especially wary of anything named system.php

> When I attempted to run my forum initially I got this page: http://www.calvarychapelontario.com/hack.html

That's the default page you get when config.php doesn't exist/has been messed with (well, the default plus the hacker's message).
I saw that page after you posted this topic. I backwalked the image's URL to a backdoor on another server, which I took the liberty of removing :P

> I renamed the file.

Wait, was the install.php the default PunBB install.php or something else?

Re: Been hacked, please help

> Wait, was the install.php the default PunBB install.php or something else?

How would I know? Would I be safe just adding a fresh install.php file from the PunBB archive?

Paul

Re: Been hacked, please help

You don't need install.php once you've installed PunBB :)
If you still have it up, you could email me the contents of the file (or a link): I could take a look and see

Re: Been hacked, please help

I REALLY appreciate all your help here. You can grab the file at http://www.calvarychapelontario.com/install.php

Thanks again!

Paul

Re: Been hacked, please help

Yeah, that looks like a default PunBB install.php file: you can delete it safely ;)

Re: Been hacked, please help

Could the fact that I left that install.php file there have been the way someone got in?

Re: Been hacked, please help

Nope: install.php doesn't run if config.php exists ;)

Re: Been hacked, please help

Many thanks!! I went ahead and refreshed all the essential 1.2.14 files just in case something might have been tampered with. I really appreciate the support and great advice! It was super!

Paul
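
The advice in this thread (look for files you don't remember uploading, then refresh the files from the 1.2.14 archive) can be checked mechanically by hashing the live forum directory against a freshly unpacked copy of the same release. This is an added example, not part of the original thread or of PunBB; the function names, the `expected_local` parameter and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def index_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(live_dir, pristine_dir, expected_local=("config.php",)):
    """Compare a deployed forum with an unpacked copy of the same release.

    expected_local (assumed name) lists files that legitimately exist only on
    the live site; they still need a manual read, since they are not hashed
    against anything.
    """
    live, clean = index_tree(live_dir), index_tree(pristine_dir)
    return {
        # Files nobody shipped: candidates for "files you don't remember uploading".
        "unexpected": sorted(f for f in live if f not in clean and f not in expected_local),
        # Shipped files whose contents differ: possible tampering or local edits.
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        # Shipped files absent from the live site (e.g. a deleted install.php).
        "missing": sorted(f for f in clean if f not in live),
    }

def build_sample(base):
    """Write two small constructed trees (not real PunBB contents) under base."""
    files = {
        "pristine/index.php": "<?php // index",
        "pristine/install.php": "<?php // installer",
        "pristine/include/functions.php": "<?php // functions",
        "live/index.php": "<?php // index",
        "live/include/functions.php": "<?php // functions, plus an injected line",
        "live/config.php": "<?php // site settings",
        "live/system.php": "<?php // file nobody remembers uploading",
        "live/img/avatars/email.php": "<?php // script in an upload directory",
    }
    for rel, body in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return Path(base) / "live", Path(base) / "pristine"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, pristine = build_sample(tmp)
        for kind, names in compare_trees(live, pristine).items():
            print(f"{kind}: {names}")
```

Content hashes are used rather than modification times because timestamps on a compromised host can be reset. A clean result covers the files only; database contents and credentials still need the separate review described earlier in the thread.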