Jump to content
xisto Community
Xevian

Hackers In Invisionfree Need help urgently

Recommended Posts

I'm not really well versed in the arts of using the computer without software aid, anyway, my friend's friend created a invision free board for roleplaying, and this hacker who hates my friend's friend hacked into the original board and deleted it, now he is attacking the second board that we have made... Can someone give me some insight on how this hacker is always successful? Is there anyway to block this?

Share this post


Link to post
Share on other sites

what Operating system and software is the board using ????without knowing its not possable to detect the porblem.i assume you are using some kind of unix / linux / bsd as the server, have a look in the system logs of the running public servers.you should be able to determine the attackers IP address.run "whois <attackers ip>" in the command line, and read the output, you should get his ISP details, and an abuse email. send coppies of your system logs showing the hack to this abuse email.thn hopefully, his internet sevice provider should send him a letter, which will hopefully scare him enough to stop, especially if its just a script kiddy.also, look into securety software such as tripwire and snort.it is very possable that the first time he hacked your machine, he installed a root kit, which can be semingly invisable on the host system, the only real way to clean a good root kit is a complete format and re-install.you COULD ban his ip address in your firewall,, however he would probably just start using a proxie if you did that.consider using the following software...OpenBSD (the most secure OS available.. also free)Tripwire (intrusion detection system that acts on your filesystem)Snort (network intrusion detection that acts on the network cards)rkhunter (scans for root-kits)clam anti virus (virus scanner)

Share this post


Link to post
Share on other sites

To be able to delete the forum files, your hacker has to gain access to your server hosting those files with administrative privileges... If it's windows based - there are about a million ways to get in - bt if it is a linux platform, ask your friend and post the version of kernel you are using and whether he has any DNS server namely BIND running on Linux (check if the version of BIND is 8.x) - coz anything below BIND 9 (minus patches) can be exploited using this thing known as Buffer Overflow, that can be used to your advantage to gain root access on the hosting server and remove all files. Just check on your friend with this list of querries and repost in here and we might be able to provide you with some way out... Also whether windows or linux based, ask your friend to check the system LOG Files, specially the connection logs and carefully notice all the incoming IP's - ie who all have connected to his system from the outside world and using WHAT protocol.. That might be a dead giveaway, unless your mysterious hacker was not being stupid and removed/modified those logs.. still its worth a try :P Alternatively, he might be using some other Invision Exploit. I don't know much about board softwares - maybe the admins here can provide you with some answers...All the best :P

Share this post


Link to post
Share on other sites

He deleted the old board, and now he hacked into my friend's friend's account and posted a PM to one of the members who has trouble with the admin who is my friend's friend, claiming that he can teach that member how to hack and the like, now the hacker slowed down the site by a heck load, it is just simply not working... It loads so slowly that its just a blank page...I'm using a modem

Share this post


Link to post
Share on other sites

there is nothing anybody can do to help you unless you give us information about the server.

lets start with Operating system...
Windows2000 / WindowsXP / windows Server2003 / FreeBSD / OpenBSD / Solaris / GNU/Linux ????

Get your friend who runs the server to come and talk to us.

whats the URL address of the board ???
there is alot you can tell about a server simply by looking at the page produced when you point your web browser at http://forums.xisto.com/no_longer_exists/

edit: dont click that link, i just made it up, it doesnt go anywhere.

Share this post


Link to post
Share on other sites

Can you post some details over here:1. Which OS (Windows/Linux) are you using and which version/brand ?2. What web-server software (IIS/Apache) is installed and running the board?3. What kind of connection does your server run on (ADSL/Dialup) ?4. Which version of Invision are you using ? 5. Finally - check the system logs for unusual outside activity/connections and if you have any idea about the date of the hack, can you paste the logs in here for that date ? Regards..

Share this post


Link to post
Share on other sites

Hm... Have not much to say, just this.Most of the socalled 'hackers' are just people who run an openly available exploit found on the net. So maybe you could just use another version of the board and keep it updated.Btw. Most hackers delete the access/security logs, so I wonder if you can get 'm, if not, he should be easy to search and destroy :P... Hmm played to much call of duty i think :P.Good luck.

Share this post


Link to post
Share on other sites

I've had InvisionFree forums. I know the forum software is a modified version of IPB 1.3, don't know much else. A lot of InvisionFree fans claim that IF is invincible and is harder to hack than regular IPB, but the ACP is apparently much easier to hack into.

 

There's some psycho group that claims they don't hack, that they only ask to become admins (the group's entire exististence is for the sole purpose of getting rid of sites run by "n00bs"), but if that's all they do, why do they only hack InvisionFree boards?

Share this post


Link to post
Share on other sites

All of us are using Windows XP Professional.What web-server software (IIS/Apache) is installed and running the board?This i'm not really sure... Cause i'm just a mod there... Should be the same as all other invision free!What kind of connection does your server run on (ADSL/Dialup) ?Uhhh... Invision free?Which version of Invision are you using ?Don't really know but does the html code with a s6.invisionfree.com have anything to do with it? Cause there are other forums with a s7.invisionfree.com instead...The hacker came about... 4 days ago!

Share this post


Link to post
Share on other sites

In order to hack INVISION BOARD, Unlike the other people here, I think the hacker has simply used SQL INJECTIONS.If one searches for underground sites, it is quite easy to find underground hacks for these popular boards. The SQL Injection is enough to clear all the data and files. Because hacking a server is not easy. Because servers have a hell lot of protections. Consider my own server, IRC has been blocked, there are various ports which have been blocked. There is an option for DDOS attact protection which has been enabled etc.. All these things make it quite difficult for anyone to hack a server. The only easy way to get in is, SQL Injection. Which is what I think this person has done. In most of the cases, The Admin password is used to sneak in. Your friend must have made him a MOD or ADMIN and then he or someone else may have given him the access. I suggest him to Chose Admins wisely. The same had happended at Xisto. One of my admins ( x3rox) had accidently kept the admin CP open while his friend managed to mask his username with ADMIN access. He started abusing our board and luckily we found out. Anyway, these are just a few things which come into my mind regarding hacking of a board. If your friends site is not a major one then I am definately sure that the hacking was actually done by abusing the forum system.

Share this post


Link to post
Share on other sites

Hmm....Give me a link to your website and I will see what I can find out... Also to slow it down I think he might have used a "buffer overflow" or somethign like that I'm not really sure...But if hes taking your bandwitdh thent hats why it's going so slow...But I can take a look at whats going on...And what the other people int his forum are trying to ask is if your friend hosts his website on his computer or does he have some free website hosting thing on the net...Cuz if it's freewebhosting on the net then chances are that it's apache and he might be using a program called "brute forcer" yeah...thats quit the good program for that kinda stuff...I suggest you tell yourf riend to make a backup of his database RIGHT NOW...Then secondly post the link to your website here and I or another member/mod/admin will most likely look into it for you...A good way to get better protection would be to switch your webhosting to Xisto...as opqaue said we are quite protected and if you have a mysql backup of the forum and you copy all the files used to make that forum down...I may be able to get it running on Xisto... Just pm me for help...And read our free webhosting plan...It is very reliable and hasn't been hacked into for as long as I've been here and ever before that from what I have read and heard.But please also post more info on the problem and the link would be quite handy...thnx

Share this post


Link to post
Share on other sites

Ok... I think that guy is hacking again... It shows that the board would be deleted in 10-20 days... I sent you the site, Spacewaste. Hope you can figure out what is going on... Making a backup is too late... It is already destroyed. He sent an e-mail to all of the admins on my friend's site saying that he does not hate the rest of us except the person who owns the site, and that he only wants to take the joy out of my friend's friend's life

Share this post


Link to post
Share on other sites

Ok... I think that guy is hacking again... It shows that the board would be deleted in 10-20 days... I sent you the site, Spacewaste. Hope you can figure out what is going on... Making a backup is too late... It is already destroyed. He sent an e-mail to all of the admins on my friend's site saying that he does not hate the rest of us except the person who owns the site, and that he only wants to take the joy out of my friend's friend's life

<{POST_SNAPBACK}>


hmmm what version of invision board were you using again?

 

cuz if it's 2.0 it could just be the trial expiring...not sure I will look at the link though

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.