My Phpbb Was Hacked!...

liunx

Guest
Hello,<br /><br />My phpbb forum was hacked yesterday.<br />Fortunately, I restored most data because of TCH's weekly backup. Thanks, TCH.<br />However, I would like to know how to find out if there's still any back door program/entry in my space/database???<br /><br />Btw, I know the version of my phpbb is too old and it's very important to upgrade phpbb or any other scrip/software to the latest version to prevent the possible attacks. However, because there are too many mods installed (actually, I installed phpbb plus so that these mods were built in), I really don't know how to upgrade properly.<br /><br />Anyways, I'll try to search and read more posts about phpbb security and try to upgrade it (if I know how).<br /><br />Thank you very much.<br /><br />Best regards,<br /><br />Sleepy<!--content-->
Updating it is the only way you are going to protect yourself.<br /><br />The <a href="http://phpbb.com" target="_blank">phpBB site</a> has upgrading instructions.<!--content-->
What version are you running? If it's an old version, you can be mostly guaranteed that there is still a hole somewhere.<!--content-->
The one I am running is phpbb 2.0.4. (actually I installed phpbb plus 1.1, which is phpbb2.0.4+many mods built in). I'll search and read the relevant articles and try to find out how to do the upgrade without affecting the built-in mods.<br /><br />However, before I upgrade and reactivate my forum, is there any way to find out if there's any bad program/script was installed by the hackers???<br /><br />Thank you very much.<!--content-->
The current version is 2.0.21. You are way way behind in updates.<!--content-->
You need to upgrade. I'm surprised you made it this long without a problem, and now that you are on someone's radar it is pretty much guaranteed to happen again.<!--content-->
Thanks for your suggestions.<br />I'll start to find out how to upgrade and upgrade my phpbb accordingly (hopefully I could do that successfully).<br />However, after running the upgrade to the latest version, is there any way to check if there's anything bad left in my space/phpbb/database when the hacked attacked my phpbb yesterday???<br /><br />I just want to make sure that my site is clean after the upgrade...<br /><br />Thanks...<!--content-->
Most of the PhpBB hacks exploit the code to inject information into the MySQL database. I would suggest looking through your site using either FTP or the File Manager in cPanel to see if there are any files that you don't recognize. You can also look at the database using PhpMyAdmin and see if you see any odd entries left over. I would guess the restore of the database you had run corrected that for now. You should update the software as soon as possible to keep them from returning to hack in again.<!--content-->
Thanks for your reply GvilleRick.<br />I know how to FTP to check if there's any new file added.<br />However, as to checking database by PhpMyAdmin, I totally have no idea where to start and how to do it. I guess I'll just assum there's nothing odd in it...ha<br /><br />Btw, right now, I'll upgrade my forum by the patch file provided by phpbb.com.<br />However, could anybody tell me how to run<br /><b>"patch -cl -d [PHPBB DIRECTORY] -p1 < [PATCH NAME]" </b><br /><br />I know the [patch name] should be "phpBB-2.0.3_to_2.0.21.patch".<br />However, what should I put for [PHPBB DIRECTORY]??? (domain name is "sleepy.idv.tw"; forum folder is "sleepy.idv.tw/miami/forum/")<br /><br />Besides, should I upload the file, "phpBB-2.0.3_to_2.0.21.patch", only or all the files and folders unzipped from the file downloaded from phpbb.com???<br /><br />Thank you very much<br /><br />Best regards,<br /><br />Sleepy<!--content-->
As far as I know <br />"patch -cl -d [PHPBB DIRECTORY] -p1 < [PATCH NAME]" <br />is a Linux/Unix command-only and unless you have ssh access to your server, you can't do it (unless you run Linux at home and download your site to there and run the patch). I could be wrong about that, because it has been so long since I did anything in Windows. <br /><br />More than likely, your choice is to apply the patch <i>or</i> upload the files, but there should be a README or INSTALL file in what you downloaded that tells you. <br /><br />Chances are, with the mods you have installed, the patch would fail to work anyway, because it depends on line numbers (sorta) and context, I believe, that won't be the same with the mods added. <br /><br />It is a pain in the behind when you have mods installed to do upgrades, I know, but for security reasons, you really must do it. Some security holes in web apps can actually grant the cracker ('hacker' is used incorrectly most of the time nowadays) access to the server itself, which hosts other sites unless you are on a dedicated server. If something like this happens, your site will get suspended or revoked and you may even face legal issues (seriously....it's called 'negligence'...I'm not trying to be a jerk, just laying it out there)<!--content-->
Hello,<br /><br />You may have already gone too far, but if you patch using the file patch method at phpBB, you will overwrite the files which keep all your mods going.<br /><br />I believe if you type in "phpBB plus" into google, you will be directed to a site which is a fully modded version of phpBB with mods. This may be your best bet.<br /><br />If not, you will have to go to the phpBB website and find the files which are for thoose with heavily modded forums. You will then have to manually go through each of your files and edit in the correct bits. You will have to do this for every patch from 2.0.4 -> 2.0.21 and there are alot of changes, some major which stop certain mods working (and hence thoose developers had to fix thoose mods) hence unless you want a really really big headache, go and look at phpBB plus or loose the mods.<br /><br />Either way, personnelly this is, I believe your are too far back in the design line to be saved, sorry!<br /><br />JimE<!--content-->
Thank you very much for all of your replis.<br />I guess I would switch from phpbb plus back to phpbb.<br />That would probably be easier for me to upgrade hereafter, especially for a person like me who doesn't know much about php, database, etc...<br /><br />Does anyone know how could I install a new phpbb forum and get all the posts and user information from the <br />old phpbb plus??? Is that possible??? I could drop all the mods bundled with phpbb plus. I don't care about those mods now. The forum itself is the most important to me.<br /><br />Thanks again and I would also go to phpbb.com or phpbb.de (for plus) to ask for help.<br /><br />Best regards,<br /><br />Sleepy<!--content-->
Hello Sleepy,<br /><br />I don't have a written guide on how to do this, but I would its more then possible, although you will have to backup everything first!. phpBB is quite good in the fact that its should be easy to use the posts, users and forum tables from another phpBB install (your old install)<br /><br />Give it a try, and let us know how it goes!<br /><br />JimE<!--content-->
 
Back
Top