Site Hacked...

[LP]

What site the hack was referring to?
And was there any info that could be used to determine who did this?
(Did you check log files?)

[sardaukar]

I repeative hack attemps on my site from russian idiots. problem was they kept comming back. It ended when i put ipcheck/domaincheck on privledged accounts and put both email validation AND manual validation on registrations . . . . .

especially the proteciton of privledged accounts have prooved nice, as it hindered re-use of passwords as my hacker 'friends' (russian nutcases) did alot after hacking sites in same community sphear previously.

I have also found IPB to be safer than PHPBB..

[savage]

The site that all the pages were being redirected to was...

http://secretlyx[dot]sitemynet[dot]com/hacked[dot]htm

I removed the dots(.) so that it was not a working link.

[Robert Kosek]

I found IPB to be safer in general, but a bit of a pain if you can't afford it and are stuck with the free version. I just found mybb by accident a week ago, but I've found it to be excellent.

[Robert Kosek]

Just noticed but the main news forum, this one, is titled "fix for hack". You might wanna fix that.

[LP]

This is slightly off-topic, but...

But PHP is simply CRAP. 90% of the PHP forums and other "dynamic" content pages are vulnerable either to XSS or SQL injection(which is what this page was hacked with). It's simply because PHP itself isn't exactly safe and also because most PHP programmers are script kiddies with no proper knowlidge.

What do you consider "safer" then, Perl? CGI? In fact, what kind language is safer? If you can write a virus in Pascal, then it's not a safe language and "is simply CRAP"?

Although I think "beign unsafe PHP" has nothing to do with it, the whole concept of adding "mods" and "hacks" to forum software is rather flawed. You can't easily update the forum software if many mods/hacks are used and it's also open it to vulnerabilities. This is the reason why on Afterwarp site we haven't done any "hacks" to the forum (and our front page is now empty ops.

P.S. Followed by PGD hack event, I finally got myself motivated to upgrade forum software on afterwarp.com [size=9px][it's powered by vBulletin, but still...][/size]

[savage]

Just noticed but the main news forum, this one, is titled "fix for hack". You might wanna fix that.

Thanks for that, forgot about it. I named it "Main" for now as I can't remember what the heading was originally.

[Gadget]

I really don't understand why they do this, especially to sites like this? Maybe they don't like Delphi?

We got hacked a while back, also on PHPBB, you need to be using the latest version! And upgrade EVERY time a new release hits!

Trust me, where forums are concerned they will get hacked if there's a hole. I think people spent time looking for forums to hack, to prove they can do it, or to understand the process. Typically, people like that will use a search engine to start with, to find a site running version X of whatever forum software.

As suggested above, remove the version number from the display as well =D

[Gadget]

Just a quick question that I am sure other people are concerned about...

The nature of the hack, what did it expose? Was this purely a redirection / admin hack, did they have access to our email addresses and passwords?

[savage]

Firstly all passwords are encrypted on our site, so even I would not be able to tell you what it was if you did not remember it.

All that appears to have been done is the amending of 2 phpbb tables, which caused Javascript redirection scripts to be inserted into certain fields and setting the phpbb to "unavailable". I corrected the 2 phpbb tables and made the site "available" again and everything is back to normal.

It's a known vunerablity in this version of phpbb, but as mentioned earlier, we cannot address the upgrade untill WILL gets back.