I Got Hacked!

**Xav** · 11-06-2008, 01:09 PM

I was very surprised when I logged in to my Warning! This site has been hacked. • Index page phpBB3 forum today. Every forum name had been replaced with "you have been hacked" and so on. The hacker seems to have used a moderator's user account (who does not have permissions to edit forum names) to change the details and then delete the log, removing all traces of him.

Now, what I want to ask is: how did the hacker do this, and how can I stop it from happening again? I am the only one (so I thought) with permissions to edit forums, and my password is complex.

Jordan · 11-06-2008, 01:32 PM

Do you have an updated version? Is there any security flaws in the version you are running?

**John** · 11-06-2008, 01:51 PM

Do you have an easy to guess password?

**chili5** · 11-06-2008, 06:00 PM

Check for an updated version of phpbb that might be more secure?

Any chance did you write your password down somewhere?

**Brandon W** · 11-07-2008, 04:02 AM

He said that his password is very complex so I don't think it would be guessed or used a script to test a lit of passwords.

Make security holes in phpBB?

**antoniyo** · 11-07-2008, 04:58 AM

What was your password. try again by using that password or use some smiler password as if you forgot password...it may be possible?? i am sure if your password were complexity you can't hacked.

**Brandon W** · 11-07-2008, 05:16 AM

Security leeks.

**Xav** · 11-07-2008, 11:11 AM

Originally Posted by Jordan

Do you have an updated version? Is there any security flaws in the version you are running?

First question: yes. Second question: no.

Originally Posted by John

Do you have an easy to guess password?

No.

Originally Posted by chili5

Check for an updated version of phpbb that might be more secure?
Any chance did you write your password down somewhere?

No.

**Xav** · 11-07-2008, 11:14 AM

Issue Fixed

OK, here was the problem. It is phpBB's permissions settings (I know how much you hate them John).

Basically, phpBB has separate permissions for groups, users, moderators, and individual forums. It gets so confusing. What happened was: I allowed a certain action for a member, but it ended up giving the user full admin permissions. He took advantage of this and edited the forum names/title.

The "hacker" turned out to be my good friend from school, playing a joke. Yawn.

**John** · 11-07-2008, 11:58 AM

Some friend he is... :?

Thread: I Got Hacked!

LinkBack

Thread Tools

Search Thread

Display

I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Re: I Got Hacked!

Thread Information

Users Browsing this Thread

Similar Threads

Can you be hacked?

Google HACKED?

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions