Site Hacked...



savage
10-11-2005, 07:21 PM
Hi All,
Earlier today the site was hacked, and all pages were being redirected to a site that said our site had been hacked :).

Luckily I found out this morning that it was only a few fields within the DB that were causing the redirection, but it was not until this evening that I worked out how to get the forums back online ( I should have paid more attention in that PHPBB lecture ).

At the moment we are still vulnerable to an attack so if there is anyone who is a PHPbb guru, could you please let me know how easy it is to upgrade the PHPbb files from our current version ( which is buggy ) to the newer one. Also keep in mind that I don't want to break anything WILL has customised.

So I apologise for the down-time and thanks again for your patience while this problem was sorted.


Dominique.

LP
10-11-2005, 07:38 PM
I've noticed "quick hack fix" while the forum was closed.
Perhaps you should update the forum to the newest PhpBB version (I have also heard there was some vulnerability in image tags for IE, but I think this is not related).

JernejL
10-11-2005, 08:32 PM
I suggest this:

1. backup site
2. apply newest phpbb files (all but skins)
3. look how it looks, if it is still broken restore backup and call will.

tux
10-11-2005, 08:36 PM
might be time to upgrade phpbb ;)

sardaukar
10-11-2005, 09:08 PM
DPG CAN TAKE IT !!!!

NecroDOME
10-11-2005, 09:17 PM
Glad it's back up again :P
PS. Currently our site (www.necrosoft.nl) is offline cause some idiot stopped it :|

Traveler
10-11-2005, 09:19 PM
might be time to upgrade phpbb

Although I agree with this, WILL has made extensive modifications to the current version of phpbb. An upgrade now, will mean the loss of quite a few features. So I would recommend against it at this time.

Did the redirect involve a posting in our forums? If so, there's a good chance the IP number has been logged. We can easily ban that.

Traveler
10-11-2005, 09:21 PM
Oh btw, perhaps it's a good idea not to show the current version of phpbb on this board (at the bottom of the screen).

And another point: there's still two 'FIX FOR HACK' texts that need removing.
Both are on the main forum page, at the top.

savage
10-11-2005, 10:37 PM
Hi guys, I was awaiting Traveler's feedback as I am not aware exactly how extensive WILL's customisations have been. Hence also why I was reluctant to just go in there and update things even though it is needed.
He is due back around the 23rd of November so we can crack the whip then :).

The site provider wanted to restore a back up of the DB from 3rd of November, but since only 2 tables were affected I didn't want to lose all the posts we had as I knew all the data was there. Anyway backups are done, but not every night. Maybe WILL does something more regularly.

In the mean time, all I think we can hope for is not to get a worse hacking.

PS. I have removed the phpbb version number as well.

Almindor
10-11-2005, 11:19 PM
I don't wish to sound harsh but it was a long time coming. Don't get me wrong, I know maintaining such big projects among doing other things takes time and energy and that the number of people doing this is very limited. But PHP is simply CRAP. 90% of the PHP forums and other "dynamic" content pages are vulnerable either to XSS or SQL injection (which is what this page was hacked with). It's simply because PHP itself isn't exactly safe and also because most PHP programmers are script kiddies with no proper knowledge.
See also how Lazarus page was hacked. Basically same thing. Old version of forum software and again PHP. (IMHO the new ones aren't much safer, just their vulnerabilities aren't so known).

Ok now for some solutions..

If you have access to the sources, please have a look in the SQL parts. Make sure ALL SQL input is FILTERED for all SQL sensitive chars. This is the basic. If you can fix it custom (as I understand you can't simply update). Also make sure to check these things if you can even after you update. You never know if the script kiddies actually did things right this time.

Please don't get me wrong. I'm not criticizing you. Doing this page in different thing is probably too troublesome (I did some CGI in FPC and it's quite a PITA for example) and I certainly understand the reasons. It's just that people don't want to hear the truth and these hacks are multiplying over PHP pages mostly forums too much to be ignored..

LP
10-11-2005, 11:21 PM
What site the hack was referring to?
And was there any info that could be used to determine who did this?
(Did you check log files?)

sardaukar
10-11-2005, 11:50 PM
I had repetitive hack attempts on my site from Russian idiots. Problem was they kept coming back. It ended when I put ipcheck/domaincheck on privileged accounts and put both email validation AND manual validation on registrations . . . . .

Especially the protection of privileged accounts has proved nice, as it hindered re-use of passwords as my hacker 'friends' (Russian nutcases) did a lot after hacking sites in same community sphere previously.

I have also found IPB to be safer than PHPBB..

savage
10-11-2005, 11:51 PM
The site that all the pages were being redirected to was...

http://secretlyx[dot]sitemynet[dot]com/hacked[dot]htm

I removed the dots(.) so that it was not a working link.

Robert Kosek
10-11-2005, 11:59 PM
I found IPB to be safer in general, but a bit of a pain if you can't afford it and are stuck with the free version. I just found mybb (http://www.mybboard.com/) by accident a week ago, but I've found it to be excellent.

Robert Kosek
11-11-2005, 02:49 AM
Just noticed but the main news forum, this one, is titled "fix for hack". You might wanna fix that. ;)

LP
11-11-2005, 03:41 AM
This is slightly off-topic, but...


But PHP is simply CRAP. 90% of the PHP forums and other "dynamic" content pages are vulnerable either to XSS or SQL injection (which is what this page was hacked with). It's simply because PHP itself isn't exactly safe and also because most PHP programmers are script kiddies with no proper knowledge.
What do you consider "safer" then, Perl? CGI? In fact, what kind of language is safer? If you can write a virus in Pascal, then it's not a safe language and "is simply CRAP"?

Although I think "being unsafe PHP" has nothing to do with it, the whole concept of adding "mods" and "hacks" to forum software is rather flawed. You can't easily update the forum software if many mods/hacks are used and it also opens it to vulnerabilities. This is the reason why on Afterwarp site we haven't done any "hacks" to the forum (and our front page is now empty :oops:).

P.S. Followed by PGD hack event, I finally got myself motivated to upgrade forum software on afterwarp.com :D [it's powered by vBulletin, but still...]

savage
11-11-2005, 07:43 AM
Just noticed but the main news forum, this one, is titled "fix for hack". You might wanna fix that. ;)

Thanks for that, forgot about it. I named it "Main" for now as I can't remember what the heading was originally.

Gadget
11-11-2005, 07:55 AM
I really don't understand why they do this, especially to sites like this? Maybe they don't like Delphi?

We got hacked a while back, also on PHPBB, you need to be using the latest version! And upgrade EVERY time a new release hits!

Trust me, where forums are concerned they will get hacked if there's a hole. I think people spent time looking for forums to hack, to prove they can do it, or to understand the process. Typically, people like that will use a search engine to start with, to find a site running version X of whatever forum software.

As suggested above, remove the version number from the display as well =D

Gadget
11-11-2005, 07:58 AM
Just a quick question that I am sure other people are concerned about...

The nature of the hack, what did it expose? Was this purely a redirection / admin hack, did they have access to our email addresses and passwords?

savage
11-11-2005, 08:39 AM
Firstly all passwords are encrypted on our site, so even I would not be able to tell you what it was if you did not remember it.

All that appears to have been done is the amending of 2 phpbb tables, which caused Javascript redirection scripts to be inserted into certain fields and setting the phpbb to "unavailable". I corrected the 2 phpbb tables and made the site "available" again and everything is back to normal.

It's a known vulnerability in this version of phpbb, but as mentioned earlier, we cannot address the upgrade until WILL gets back.
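
The cleanup described in the post above (finding the handful of database fields that carry injected redirection script, instead of restoring the whole backup) can be done with a scan like the following. This is an added example, not part of the original post and not phpBB code; it uses an in-memory SQLite database, and the table and column names are hypothetical sample data.

```python
import re
import sqlite3

# Markers of client-side redirection: script tags, meta refresh, location changes.
SUSPICIOUS = re.compile(
    r"<\s*script\b|<\s*meta[^>]+http-equiv\s*=\s*[\"']?refresh"
    r"|(?:window|document)\.location|location\.(?:href|replace)",
    re.IGNORECASE,
)

def text_columns(conn, table):
    """Names of the columns in `table` declared with a text-like type."""
    info = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
    return [name for _, name, ctype, *_ in info
            if any(t in (ctype or "").upper() for t in ("CHAR", "TEXT", "CLOB"))]

def scan(conn):
    """Return sorted (table, column, rowid) for each text field that matches."""
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    hits = []
    for table in tables:
        for col in text_columns(conn, table):
            query = f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL'
            for rowid, value in conn.execute(query):
                if SUSPICIOUS.search(str(value)):
                    hits.append((table, col, rowid))
    return sorted(hits)

def build_sample():
    """Constructed data; table and column names are hypothetical, not phpBB's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE board_config (name TEXT, value TEXT);
        CREATE TABLE board_categories (id INTEGER, title VARCHAR(100));
        CREATE TABLE board_posts (id INTEGER, body TEXT);
    """)
    conn.executemany("INSERT INTO board_config VALUES (?, ?)", [
        ("sitename", "Example Forum"),
        ("site_desc", '<script>window.location="http://redirect.example/"</script>'),
    ])
    conn.executemany("INSERT INTO board_categories VALUES (?, ?)", [
        (1, "General"),
        (2, '<META HTTP-EQUIV="refresh" content="0;url=http://redirect.example/">'),
    ])
    conn.execute("INSERT INTO board_posts VALUES (1, 'What is the location of the download?')")
    return conn

if __name__ == "__main__":
    print(scan(build_sample()))
```

Each hit names the table, column and row to inspect by hand; an ordinary post that merely contains the word "location" is not flagged.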

Almindor
12-11-2005, 09:54 PM
What do you consider "safer" then, Perl? CGI? In fact, what kind language is safer?


Per-language safety is mostly done via compiler checks etc. Most work, I agree, falls on the programmer.


If you can write a virus in Pascal, then it's not a safe language and "is simply CRAP"?

I don't understand your reasoning here.


Although I think "being unsafe PHP" has nothing to do with it, the whole concept of adding "mods" and "hacks" to forum software is rather flawed. You can't easily update the forum software if many mods/hacks are used and it also opens it to vulnerabilities. This is the reason why on Afterwarp site we haven't done any "hacks" to the forum (and our front page is now empty :oops:).

True.


P.S. Followed by PGD hack event, I finally got myself motivated to upgrade forum software on afterwarp.com :D [it's powered by vBulletin, but still...]

This is EXACTLY the crap I was talking about :)
Don't take it personally but there are 2 and a half reasons for vulnerabilities and MORE importantly hackings.

1. Crappy programmers. See script kiddies section. Long story short, they don't check buffers, they don't check SQL injection etc.

2. Crappy admins. Mostly LAZY admins right? Again don't take it personally, I only use given material :). I'm lazy too and I'm sure I wouldn't be much better.

The-Half: The last part IS the language used. There are languages which more or less guide the programmer right way, give checks for code etc. There are also languages which never saw an integer overflow check etc.

LP
12-11-2005, 10:25 PM
...

As I mentioned, this is an off-topic :)
Let's just hope Savage or WILL won't notice it...

I got your point and I think SQL injection, for instance, could be fixed in the language itself (so it escapes the string automatically and vice versa, wherever you use it). Although I think there is an option for PHP to enable automatic escaping of strings, but from this point of view, the language indeed has some flaws regarding security.

However, if you look into it, HTML itself is greatly insecure due to the fact that you can insert scripts almost everywhere.

My point in Pascal being also "unsafe" language was that in a language, you have to choose among flexibility, security and other things. For instance, take ADA vs Pascal comparison: although ADA seems more strict and explicit, it really gets more difficult to program there, as you have to write more code which does less.