Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

I Got Hacked!


  • Please log in to reply
68 replies to this topic

#1 Xav

Xav

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 8356 posts

Posted 06 November 2008 - 01:09 PM

I was very surprised when I logged in to my Warning! This site has been hacked. • Index page phpBB3 forum today. Every forum name had been replaced with "you have been hacked" and so on. The hacker seems to have used a moderator's user account (who does not have permissions to edit forum names) to change the details and then delete the log, removing all traces of him.

Now, what I want to ask is: how did the hacker do this, and how can I stop it from happening again? I am the only one (so I thought) with permissions to edit forums, and my password is complex.
  • 0
If you enjoy reading this discussion and are thinking about commenting, why not click here to register and start participating in under a minute?

#2 Guest_Jordan_*

Guest_Jordan_*
  • Guest

Posted 06 November 2008 - 01:32 PM

Do you have an updated version? Is there any security flaws in the version you are running?
  • 0

#3 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 06 November 2008 - 01:51 PM

Do you have an easy to guess password?
  • 0

#4 chili5

chili5

    CC Mentor

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 3038 posts
  • Programming Language:Java, C#, PHP, JavaScript, Ruby, Transact-SQL
  • Learning:C, Java, C++, C#, PHP, JavaScript, Ruby, Transact-SQL, Assembly, Scheme, Haskell, Others

Posted 06 November 2008 - 06:00 PM

Check for an updated version of phpbb that might be more secure?

Any chance did you write your password down somewhere?
  • 0

#5 Brandon W

Brandon W

    CC Mentor

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 2092 posts
  • Location:Ipswich, Australia
  • Programming Language:C, Java
  • Learning:Java, C++, JavaScript

Posted 07 November 2008 - 04:02 AM

He said that his password is very complex so I don't think it would be guessed or used a script to test a lit of passwords.

Make security holes in phpBB?
  • 0
I've returned...

#6 antoniyo

antoniyo

    CC Regular

  • Just Joined
  • PipPipPip
  • 49 posts

Posted 07 November 2008 - 04:58 AM

What was your password. try again by using that password or use some smiler password as if you forgot password...it may be possible?? i am sure if your password were complexity you can't hacked.
  • 0

#7 Brandon W

Brandon W

    CC Mentor

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 2092 posts
  • Location:Ipswich, Australia
  • Programming Language:C, Java
  • Learning:Java, C++, JavaScript

Posted 07 November 2008 - 05:16 AM

Security leeks.
  • 0
I've returned...

#8 Xav

Xav

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 8356 posts

Posted 07 November 2008 - 11:11 AM

Do you have an updated version? Is there any security flaws in the version you are running?

First question: yes. Second question: no.

Do you have an easy to guess password?

No.

Check for an updated version of phpbb that might be more secure?
Any chance did you write your password down somewhere?

No.
  • 0
If you enjoy reading this discussion and are thinking about commenting, why not click here to register and start participating in under a minute?

#9 Xav

Xav

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 8356 posts

Posted 07 November 2008 - 11:14 AM

Issue Fixed

OK, here was the problem. It is phpBB's permissions settings (I know how much you hate them John).

Basically, phpBB has separate permissions for groups, users, moderators, and individual forums. It gets so confusing. What happened was: I allowed a certain action for a member, but it ended up giving the user full admin permissions. He took advantage of this and edited the forum names/title.

The "hacker" turned out to be my good friend from school, playing a joke. Yawn.
  • 0
If you enjoy reading this discussion and are thinking about commenting, why not click here to register and start participating in under a minute?

#10 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 07 November 2008 - 11:58 AM

Some friend he is... :?
  • 0

#11 Xav

Xav

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 8356 posts

Posted 07 November 2008 - 12:03 PM

I have been assured it was just a joke, and he was planning on changing them back.
  • 0
If you enjoy reading this discussion and are thinking about commenting, why not click here to register and start participating in under a minute?

#12 Brandon W

Brandon W

    CC Mentor

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 2092 posts
  • Location:Ipswich, Australia
  • Programming Language:C, Java
  • Learning:Java, C++, JavaScript

Posted 07 November 2008 - 12:48 PM

LOL :D
  • 0
I've returned...




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download