1 Topic by Astraea (edited by Astraea 2005-05-24 11:50)

  • Registered: 2005-05-24
  • Posts: 5

Topic: Hacked!

My forum has just been hacked. All the administrators have been banned. Profanities have been put in the Announcement section, my forum title was changed, ordinary words like 'a, the, their' have been changed into obscene words.

I've remedied it and found the culprit. I also banned him from the forum and upgraded to the latest version of the forum.

What I want to know is how this happened and how I could prevent this from happening again. Also, is banning that person a sure thing that he cannot enter the forum again?

Thank you.

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Hacked!

What version were you on?

  • Registered: 2005-05-24
  • Posts: 5

Re: Hacked!

1.2.3

4 Reply by Smartys (edited by Smartys 2005-05-24 12:13)

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Hacked!

Well then, I'm guessing the cause was the critical vulnerability in versions < 1.2.5 smile
Here it is
If you updated to 1.2.5 you should be OK

  • Registered: 2005-05-24
  • Posts: 5

Re: Hacked!

So I do not have to edit profile.php if I already upgraded to 1.2.5?

6 Reply by Smartys (edited by Smartys 2005-05-24 12:33)

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Hacked!

Erm, did you upgrade to 1.2.5? Because if you did it properly using the patch you already changed that line smile
Or did you just re-download the files and upload them?

7 Reply by Astraea (edited by Astraea 2005-05-24 12:37)

  • Registered: 2005-05-24
  • Posts: 5

Re: Hacked!

I upgraded to 1.2.5 before I posted here and it worked fine. Should I change anything else there or is it fine as it is? Or is the modification you pointed me to happened after I upgraded? thanks!

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Hacked!

No, it happened before
These changes happened after

  • Registered: 2005-05-24
  • Posts: 5

Re: Hacked!

Thank you.

  • From: Germany
  • Registered: 2005-03-09
  • Posts: 17

Re: Hacked!

I think you should also check if there any "backdoor users", i.e. users that were given administrator or moderator privileges who might cause trouble again later.