|
It is currently Fri Nov 22, 2024 2:51 pm
|
|
Page 1 of 1
|
[ 9 posts ] |
|
Author |
Message |
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
|
Been hacked
You do not have the required permissions to view the files attached to this post.
|
Mon Feb 27, 2006 8:51 am |
|
|
RB
Emperor
Joined: Wed Apr 16, 2003 1:25 am Posts: 2560
|
I am sorry for that Mole. If you trust me more than Satis, I could suggest you some phpBB protections which I made and use.
But, holy damn turkish hackers. Your page has the code which is pretty malicious for phpBB. I posted it in here on CK between the [ c o d e ] and [/ c o d e] and I got this topic defaced. Try to refresh your template first. And then we will search for the cure.
Dunno about phpmyadmin. Never used.
|
Mon Feb 27, 2006 9:04 am |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
|
I noticed that too, about posting it in the code tags, it made this page die, so I uploaded it as a text file for grabbing.
I've managed to get in to the admin pannel on my forums, but if I click in the management tab for the forum, I get the same page up. I can still access some things.
I've secured my account, there are no rogue admins/mods, and my password and my users passwords are safe.
What do you want me to send to you? Because I don't know how deep this infection goes, and I don't know exactly where it has manifested it's self either. I assumed it was the index page, untill I got in to the admin pannel and found it there too.
How do you mean, refresh my template?
Thanks for your understanding.
EDIT:
Researched in to it.
Basically, they had created new forum and put it inside a giant Iframe, with their logo in it. Googled that, fount something called toolkit, which removes any Iframe, javascript tags etc.
This then allowed me to reaccess my management pannel.
Which then allowed me to delete their forum.
Take that you bastards!
Now, On to not allowing people to access phpmyadmin
Last edited by Mole on Mon Feb 27, 2006 9:41 am, edited 1 time in total.
|
Mon Feb 27, 2006 9:28 am |
|
|
RB
Emperor
Joined: Wed Apr 16, 2003 1:25 am Posts: 2560
|
You are welcome.
Template -- renew all the files in e.g. /template/subSilver/. And then see if the thing happens with subSilver template. If it does, the template is likely no problem.
What source... all *.php files except config.php with templates. I think you do not expose your forum by posting that to one single person but your is to judge if I missed something. Don't post in public, use link in pm.
But try the thing with the template first. Got a messenger?
|
Mon Feb 27, 2006 9:35 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16662 Location: On a slope
|
personally I'd recommend removing all files from PHPbb and reloading from scratch. There's no telling where changes might have been made. You can pm me your phpmyadmin address and I'll see if I can get in.
btw, you might as well assume all your usernames and passwords have been compromised. After you reinstall your forum (not before!) you should probably change all your passwords, including your MySQL one.
*edit* And back everything up before deleting anything */edit*
|
Mon Feb 27, 2006 9:42 am |
|
|
RB
Emperor
Joined: Wed Apr 16, 2003 1:25 am Posts: 2560
|
Yes, that is definetely the best solution to be sure that everything is clear. I am just sick hunter on these malevolent bastards, who wish to break new toy before dropping it on garbbage.
I see your forum is going well again. If you have idea how they did hack you (Apache log would be extremly useful) let us prevent the similar attacks.
_________________ ++
|
Mon Feb 27, 2006 11:21 am |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
|
Thanks for all the help guys I'm moving the forum in a few weeks anyway, so I'll be doing a clean install anyway. But I managed to sort everything out, I've .htaccessed myphpadmin and updated everything else.
Again, thanks!
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Mon Feb 27, 2006 12:56 pm |
|
|
RB
Emperor
Joined: Wed Apr 16, 2003 1:25 am Posts: 2560
|
I don't know why you are moving it, but i hope it is not because of this turkish pussies.
_________________ ++
|
Mon Feb 27, 2006 1:00 pm |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
|
No, it's because my host is a ripoff.
|
Mon Feb 27, 2006 7:28 pm |
|
|
|
Page 1 of 1
|
[ 9 posts ] |
|
Who is online |
Users browsing this forum: No registered users and 21 guests |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|