Topic: Hacked By DaRkNeSs

Hi Everyone:

First time posting.

First off PBB is excellent and really like the forum. Version is 1.2.17

The last two days both of our forums have been hacked into. Basically the hacker got into the database and changed the config mySQL table and changed the the following fields

o_cur_version     
o_board_title
o_board_desc

Also the whole categories has been changed also.

Hacked By DaRkNeSs | only_teknick@hotmail.com

No other data was lost.

I guess my question is did we not set something up right or is this a larger issue and how do we deal with it. It is simple just to go in and change stuff back but if it happens every day it would be a major pain.

If you google you do get a lot of hits so surprised no one has posted yet.

http://www.google.com/search?hl=en& … gle+Search

Thanks once again

Re: Hacked By DaRkNeSs

Well, it obviously isn't a PunBB issue judging by those search results wink

The best idea is to change your passwords, and make sure they aren't displayed publicly anywhere.

Re: Hacked By DaRkNeSs

While changing passwords regularly is probably a good idea, I don't think bad passwords are the problem here. It seems a vulnerability somewhere in the LAMP stack is being exploited - most likely at the PHP layer.

Can you tell from any of your logs (web, ftp, ssh etc) how the attacker arrived on your system and perhaps what script they threw at your site to gain access to your server?

Given the number of hacked sites, I don't think this guy would have done them all manually, so there is probably a footprint left behind somewhere, perhaps from the initial, scouting part of the script - eg when they search for a vulnerable PHP script with known weaknesses (eg I've seen a lot of scans recently for various PHP calendar scripts with known vulnerabilities, and searches for PHPMyAdmin are also common) that then allows them to compromise the system and get the ability to - for example - run shell commands or include remote scripts.