Jump to content
xisto Community
Sign in to follow this  
krap

Phpbb Hackers LOL

Recommended Posts

I got an email today:

The following is an email sent to you by an administrator of "KORUPTION OWNZ YOUR S****Y SITE". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:

 

korupted@korupted.com

 

Include this full email (particularly the headers).

 

Message sent to you follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Dear members. Your petty website has been hacked. The hacker's name is Koruption. Next time dont use a outdated verison of phpbb b***hes

 

So im a bit pissed off and check my forum at http://forums.xisto.com/no_longer_exists/

Everythings fine. Nothing different at all. Bit stupid sending me that email when they didnt even hack it.......

Share this post


Link to post
Share on other sites

I moved it here because this is a security issue, not php progrEven though the fix is php programming.So everyone make sure you have latest version and check your log files :angry:Nils

Share this post


Link to post
Share on other sites

I got an email today:

...Everythings fine. Nothing different at all. Bit stupid sending me that email when they didnt even hack it.......

58504[/snapback]


Check if you still got admin rights and that no admin has been added and update to latest version (2.0.13)

For extra security of your phpBB2 board you can download the phpbb-security mod/hack by aUsTiN --> phpbb-tweaks.com

 

Greetz,

RikŠ

Share this post


Link to post
Share on other sites

I think he meant that they sent him this email not even from the board address, but just kind of as a prank..but if it did come from the site/board address.. then you may very well have been hacked, and as everyone else said, check your logs, update.. and make sure no admins(or mods!) have been added. i would say check the privledges of the last 20 new members or so.

Share this post


Link to post
Share on other sites

Like Haron said, we are dealing with nothing more than script kiddies here.

 

I mean... What kind of a lame person actually sends an email to the owner of the site that he is trying to "hack"???

 

Anyway, I can still see that you are using phpBB 2.0.11.

I RECOMMEND that you upgrade to 2.0.13 as soon as possible!

(Xisto cPanel does not offer it yet, but you can download the changed files from https://www.phpbb.com/, and replace the old ones in no time, like I did on my forum: http://forums.xisto.com).

 

The newer versions have an updating system, so when you log in to your administrator panel, phpBB will automatically check for newer versions available.

 

I repeat: Anybody that knows how to use a DOS command prompt, can run an phpBB exploit and gain administrator rights on your forum!

 

Of course, you should backup your forum database regularly.

Share this post


Link to post
Share on other sites

im not really bothered with that. ive only got 28 members. Im sure anyone who hacks it is really sad as it's such a small site so they would earn no "respect" for it.. If someone hacked Google for instance they would be known as a hacking god among hackers(or a w**ker among me and loads of other people :) )But for my site I dont think the same thing would happen.I'm sure they would rather hack a busy site and cause disruption..I cant be bothered to change to 2.13 or whatever it was- it probably has security holes so when someone finds them I'll need to upgrade again. :)@php releasing two releases in two days.

Share this post


Link to post
Share on other sites

Even with 28 registered users, you shouldn't give some ultra-lamer the pleasure of laming your forum. One user tried to do the same thing when I deleted his post containing some very offensive material on my forum. He tried to use the phpBB exploit that I mentioned, and failed because I upgraded to 2.0.13 already :) .Anyway, I hope that the 2.0.13 version is the last security upgrade version, because the phpBB developer team is working hard to release a new version with a bunch of new features, and I would hate to see them be busy with releasing new patches for security holes instead...

Share this post


Link to post
Share on other sites

If you are dumb enough to give up half a year of your life and search for a potential security risk in the Apache source code...

But, what the heck did you mean by saying that?
If any site can be "broken", than the Internet wouldn't exist at all!
A few exploits are found here and there, but if your site is down, it's probably your fault that you didn't update your server software on time.

Btw:
http://forums.xisto.com/no_longer_exists/ <---- Break it

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.