Sub Menu
Links Menu
Online Users

In total there are 332 users online :: 2 registered, 0 hidden and 330 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot] based on users active over the past 60 minutes

Hacked on Sep 26 ~ 8:04 AM EST

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Hacked on Sep 26 ~ 8:04 AM EST

PostAuthor: jwernerny » Wed Sep 27, 2006 1:54 pm

Hello everyone,

It looks like there may be some newly exploited vulnerabilities out there. This morning, before going to work, I did some maintenance of my forum (cleaned out spam users, etc.). I then went to work. Later in the day, I got an e-mail from a friend saying he couldn't get to the forum. I checked, and I was only getting blank pages. At lunch, I submitted a help ticket to my host (wb-hosting), and they got everything working.

What they found was interesting: every chmod 666 or 777 php file had had the "?>" removed from the end. They were able to patch everything back up fairly quickly.

I then found that it is very easy to use tools hacking tools to find writable files. It is even easy to use it to modify those files, like making them all write protected again.

So, a word to the wise, make sure _ALL_ of your permissions are set correctly.

BTW, it looks like they hit a bunch of sites on that host.

- John
Last edited by jwernerny on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
jwernerny
Members
Members
 
Posts: 87
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 12, 2006 3:58 am
Cash on hand: 0.00
Location: Fairport, NY

Re: Hacked on Sep 26 ~ 8:04 AM EST

PostAuthor: Drop-Forged » Wed Sep 27, 2006 2:55 pm

It could be that they hacked the host Server through another site, and then did the damage to other sites once they took control of the Server.

Not saying that is what happened, just a possibilityà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦ <img>
Last edited by Drop-Forged on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[url=http][img=left]http://www.christiansoldiers.com/Sig/sig.png[/img][/url]
[url=http]Free IntegraMod 141 Themes at webhutch.net[/url]

Drop-Forged
Integra Member
Integra Member
 
Posts: 167
Likes: 0 post
Liked in: 0 post
Joined: Sat Apr 08, 2006 7:07 pm
Cash on hand: 0.00

PostAuthor: Michaelo » Thu Sep 28, 2006 4:31 am

If the other sites on the server that were hacked are phpBB based I would suspect hacking however if the sites were mixed I would suspect the server was hacked ... Hard to tell... I assume the server is Linux based?
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland


Return to Forum Security

Who is online

Registered users: Bing [Bot], Google [Bot]

cron