Jump to content
xisto Community
Saint_Michael

Hackers Hijack A Half-million Sites: Phpbb Forum Users Must Read

Recommended Posts

Since January, hackers have hit hit over 500,000 website, with everything you could possible imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these websites who are getting hit are running PHPBB forum and the worse part is htey don't mention which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and new, but one trojan has been identified and it is the Zlob Trojan or rather variations to the Zlob Trojan. The last major attack happen 3 weeks ago, as government sites and United Nation websites received the blunt of this attack and as usualy the blame was being password around such as Microsoft's IIS and SQL server, but Microsoft denied that a couple of days later.

 

As for how this process is done it is pretty simple:

 

Visitors to a hacked site are redirected through a series of servers, some clearly compromised themselves, until the last in the chain is reached; that server then pings the PC for any one of several vulnerabilities, including bugs in both Microsoft Corp. 's Internet Explorer and RealNetworks Inc. 's RealPlayer media player. If any of the vulnerabilities is present, the PC is exploited and malware is downloaded to it.

So I if your one of those heavy forum modifiers you better want to make sure the holes and patches are fixed or your website will be constantly compromise and what not. So you may want to get a hold of phpbb support or check out hte forms to see what is up with this problem and finding out how it can be fixed.

 

SOURCE

Share this post


Link to post
Share on other sites

As long as Lithium and Invision stay safe, I'm a happy camper.And anyone who hacks to upload malicious software is really just a wussy. It's terrorism behind the safety of their closed doors.

Share this post


Link to post
Share on other sites

That makes me glad that I am currently not running a forum because I generally would use PHPBB but I had 3.0 before. I guess I will have to switch to SMF or something else free unless I pay the $100 so I can purchase Invision. Good luck to all of those running PHPBB.

Share this post


Link to post
Share on other sites

That makes me glad that I am currently not running a forum because I generally would use PHPBB but I had 3.0 before. I guess I will have to switch to SMF or something else free unless I pay the $100 so I can purchase Invision. Good luck to all of those running PHPBB.

OOps thats me lolz better go try fix it or get another forum =[

Share this post


Link to post
Share on other sites

I use phpBB3... never ever had any security issues at all with it. And if I do, you can be sure that I would let the phpBB3 team know.I also asked one of my friends to read through its code and there was nothing there he considered dangerous.I do have MODs installed, but only simple ones that won't compromise the security of my site.

Share this post


Link to post
Share on other sites

hmm interesting thing however I think that this has something more to do with XSS that is cross site scripting then with the forum itself and they have probably made or found some vulnerability in the forums that gave thema bility to redirect users from the forum itself to some malicious site. Because PHPBB forums are quite safe in a way and I haven't heared a lot of problems on their end.

But as alwways there is also other possability and that is that they are not hacking those forums but merely using some service that is generating forums and subdomaines you knwo what I mean those free services that offer forum and subdomain. So what might have happened is that they have hacked some and such service and then changed code behind it so that some of the users would get redirected and voala you've got yourself several thousands slave computers. Easy doesn't it.

Good Luck everyone

But I will still prefer PHPBB against any other forum probably for some time in the future. Also I have it set up though there is no any activity it is good for experimenting. http://forums.xisto.com/no_longer_exists/

Share this post


Link to post
Share on other sites

That is what I am thinking to about the free forum makers as well, but of course I wouldn't be surprise if they brute force their way in because of some simple log in, like admin and password. However, some of the government sites I wouldn't doubt they are using full version software and not going to one of these free sites because that wouldn't make much sense, and yeah I would have to agree that XSS could be another factor. Of course they don't tell what version is being used so it is hard to say who is more affected by this.

Share this post


Link to post
Share on other sites

I don't expect this to happen with phpBB 3, which is more professionalistic than its previous versions. So the problems might be because of some older phpBB versions.As mentioned in the report the attacks have affected only IIS, that is windows servers. So nowadays people who host projects or sites in OpenSource languages especially PHP, Java, Python or Ruby host only on Linux Servers, so this threat will have no impact on them.But still it is always advisable that you keep your softwares updated and patched.

Share this post


Link to post
Share on other sites
Antispyware Name can not be blockedHackers Hijack A Half-million Sites: Phpbb Forum Users Must Read

For months my computer at  70.113.62.18  has been under daily browser DNS attack, reversals of search, and statements with  Xoftspy that your SITE is hijacked, and its placing  Antispyware into quarantine lasted there only as long as it takes to run a new scan. Malwareadbytes could not block it and it is rated SEVERE RISK of the highest level meaning the hijackers were in control of redirects thru browser IEX8 completely. I also run Windows Defender, Regcure,Stopzilla and PC to simply block this controlling trojan malware preventing normal operations at my primary site of http://shopazan.com/  Any assistance, ideas or information that will correct this problem will be greatly appreciated.

-question by J Carrington

Share this post


Link to post
Share on other sites

Oh .. No .. I am a hosting a PhpBB2 forum , and in the initial days i had no problem with the same , i just had a proper way in which users sign up and my forum was looking and was working fine , may be this continued for about more than few days. On one day suddenly spammers broke in , i was really unable to find out whether they are mannual spammers or BOTS , because they were bypassing the Captcha in the registration form. Then i came to know that Captcha can be bypassed easily by hackers and spammers and no longer Captcha provides its security.So from that day till now i have my PhPBB2 forum stormed by spammers , by storming what i mean here is that they just create fake accounts in hundreds :D , so now i am planning to remove the phpbb2 forum entirely from my site , the only question what i have is that , now spammers got to know my site address and if i move to some other stuffs like chats etc. in my site will the spammers attack that too ? if so kindly let me know how to avoid them.I also tried blocking their IP address from cpanel. Still they come :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.