Hi guy,
Not my own IP, I come from Viet Nam and hacker too. When I know forum was hacked again, I didn't access to admin CP and go to Hosting Control Panel and view log first.
1 2009-04-05 15:54
Re: My Forum was hacked (9 replies, posted in PunBB 1.3 troubleshooting)
2 2009-04-05 06:57
Re: My Forum was hacked (9 replies, posted in PunBB 1.3 troubleshooting)
I forum was hacked again after I changed my assword to new. I used my laptop to access to my administrator area, no keylog install because I reinstall my laptop before I change my username and password. In log file I found hacker IP: 123.17.183.199.
Some action hacker did in my log file:
123.17.183.199 - - [05/Apr/2009:07:47:49 +0700] "GET /new/request-password.html HTTP/1.1" 200 4080 "http://nhanweb.com/new/login.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:47:49 +0700] "GET /new/extensions/pun_antispam/image.php?8c3a0179bb0be91a359d8419fdc0b43e HTTP/1.1" 200 3779 "http://nhanweb.com/new/request-password.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:47:59 +0700] "POST /new/request-password.html HTTP/1.1" 200 3611 "http://nhanweb.com/new/request-password.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:19 +0700] "GET /new/change-password2-VO1zfQbx.html HTTP/1.1" 200 4037 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:20 +0700] "GET /new/style/Oxygen/Oxygen.css HTTP/1.1" 304 208 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:20 +0700] "GET /new/style/Oxygen/Oxygen_cs.css HTTP/1.1" 304 209 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:20 +0700] "GET /new/style/Oxygen/Oxygen_ie6.css HTTP/1.1" 304 207 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:20 +0700] "GET /new/include/js/common.js HTTP/1.1" 304 208 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:20 +0700] "GET /new/include/js/avim.js HTTP/1.1" 304 208 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:30 +0700] "POST /new/change-password2-VO1zfQbx.html HTTP/1.1" 200 1147 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:31 +0700] "GET /new/ HTTP/1.1" 200 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:31 +0700] "GET /new/ HTTP/1.1" 200 6317 "http://nhanweb.com/new/change-password2-VO1zfQbx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:32 +0700] "GET /new/extensions/pun_tags/style/Oxygen.css HTTP/1.1" 304 206 "http://nhanweb.com/new/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:32 +0700] "GET /new/extensions/pun_tags/style/Oxygen_cs.css HTTP/1.1" 304 206 "http://nhanweb.com/new/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:44 +0700] "GET /new/post112.html HTTP/1.1" 200 5361 "http://nhanweb.com/new/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/extensions/pun_bbcode/styles.css HTTP/1.1" 304 206 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/extensions/pun_bbcode/scripts.js HTTP/1.1" 304 207 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/extensions/pun_quote/scripts.js HTTP/1.1" 304 207 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/img/avatars/32.jpg HTTP/1.1" 304 174 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/img/smilies/smile.png HTTP/1.1" 304 172 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:45 +0700] "GET /new/img/smilies/big_smile.png HTTP/1.1" 304 172 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:48:49 +0700] "GET /new/login.html HTTP/1.1" 200 4036 "http://nhanweb.com/new/post112.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:00 +0700] "POST /new/login.html HTTP/1.1" 200 1447 "http://nhanweb.com/new/login.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:01 +0700] "GET /new/post112.html?login=1 HTTP/1.1" 200 7729 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:02 +0700] "GET /new/style/Oxygen/Oxygen.css HTTP/1.1" 304 208 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:02 +0700] "GET /new/style/Oxygen/Oxygen_cs.css HTTP/1.1" 304 209 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:02 +0700] "GET /new/style/Oxygen/Oxygen_ie6.css HTTP/1.1" 304 207 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:02 +0700] "GET /new/include/js/common.js HTTP/1.1" 304 208 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/include/js/avim.js HTTP/1.1" 304 208 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/extensions/pun_bbcode/styles.css HTTP/1.1" 304 206 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/extensions/pun_bbcode/scripts.js HTTP/1.1" 304 206 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/extensions/pun_quote/scripts.js HTTP/1.1" 304 207 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/extensions/pun_tags/style/Oxygen_cs.css HTTP/1.1" 304 205 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.17.183.199 - - [05/Apr/2009:07:49:03 +0700] "GET /new/extensions/pun_tags/style/Oxygen.css HTTP/1.1" 304 206 "http://nhanweb.com/new/post112.html?login=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"3 2009-04-04 11:04
Re: My Forum was hacked (9 replies, posted in PunBB 1.3 troubleshooting)
Thank for your answer.
My password so long I don't know why any post from this account was change author to hacker. That is posts long time ago.
4 2009-04-04 09:35
Topic: My Forum was hacked (9 replies, posted in PunBB 1.3 troubleshooting)
Hi all,
First, sory because my English so badly.
This is my forum: http://nhanweb.com . I used PunBB version 1.3 and update every hotfixs .
2 hour ago, some people call to me and told me that forum was hacked by someone. I checked and Administrator's username and password were changed but nothing uploaded. my FTP account is good. I have view log file but nothing logged. Here is some picture hacker changed in my forum.
Hacker said that PunBB's very easy to hack.
Please check PunBB source.
If you want my log file, please contact me Yahoo! Messenger: l_lion.heart_l@yahoo.com or email webmaster@n2dgroup.com .
Thank for your reading
5 2009-04-03 08:54
Re: [BBCode tag request]Hightlight code (PHP) (2 replies, posted in PunBB 1.3 extensions)
Hi boy,
I want to find PHP tag with highlight code. Thanks
6 2009-04-03 05:46
Re: Permanent "New Messages" link (5 replies, posted in PunBB 1.3 extensions)
I think this link should be change to "Private Message".:)
7 2009-04-03 04:12
Topic: [BBCode tag request]Hightlight code (PHP) (2 replies, posted in PunBB 1.3 extensions)
Hi everybody,
I had written a new BBCode tag for PHP to highlight PHP code in my forum. You can visit this forum to view demo: http://nhanweb.com/new/topic55-luu_noi_ … _csdl.html
But, I must modify in include/parser.php to change something. Where can I find a complete extentsion?
EDIT: Altered topic subject //Slavok