Tony
Moderator
Brisbane
Timezone: GMT+10
Joined: 2003-03-12
Posts: 5343
Points: 2964

As most of you know the CSS Forum was hacked.
If you run or know someone that runs a phpBB forum, make sure it gets updated.

The hacker gained admin access to phpBB, sent out email to many of the members and caused minor disturbance to the forum by deleting a forum from the database.

I still can't believe I didn't notice straight away that the CSS Layout forum was deleted along with the moderator groups.

Everything should be back to normal now, I have restored the database and upgraded phpBB.
We lost a day or so postings from the CSS Layout forum, but overall came out of it pretty well.

Thanks to everyone that PMed, posted or emailed to notify me of the problems.

DCElliott
Leader
Halifax, Canada
Timezone: GMT-3
Joined: 2004-03-22
Posts: 828
Points: 0

Hacked Forums

What version are you now running, Tony, and did you have to reinstall the attachments mod? Also - you have made some major template changes, how did that work out?

DE

David Elliott


Tony

Hacked Forums

Hi DCElliott,
I'm running the latest version, 2.013.

Updating phpBB
I used the changed file method and went manually through each of the changed files and compared it with the old file.
Then copied each of the Mods to the new file, or the other way depending on which file had the most changes.
It really didn't take too long since I have commented most of the changes or mods made.

Then I tested it locally before uploading the files.

Restoring the Missing Data
I had a backup of the whole site from cpanel from two days before.
So I extracted the SQL query, which was 144 MB, quite large, then copied the sections for the tables required into another file.
I ended up with insert queries for the forums, posts, posts_text, topics, and ranks tables.
Since MySQL ignores or throws up an error if the Primary Key from an insert already exists, I didn't have to filter for just the rows missing.
The SQL file was still about 30 MB but much easier on the server.
Again I tested it locally and found I had forgotten to tell MySQL which database to use.
So I put "use my_phpbbdb" at the top of the file; I could have just changed database from the prompt.

Then I uploaded it, logged onto MySQL on the server and ran "source /path/filename.sql" from the prompt.
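The selective restore described in the post above, as an added example that is not part of Tony's post or his actual script: it keeps only the INSERT statements for the listed tables, drops the dump's DROP/CREATE statements so newer rows survive, and rewrites each statement to INSERT IGNORE so rows whose primary key already exists are skipped. The `phpbb_` table prefix, the function names and the sample dump are assumptions; the database name is the one quoted in the post.

```python
import re

# Tables named in the post; the "phpbb_" prefix is an assumption.
WANTED = {"phpbb_forums", "phpbb_posts", "phpbb_posts_text",
          "phpbb_topics", "phpbb_ranks"}

INSERT_RE = re.compile(r"^INSERT\s+INTO\s+`?(\w+)`?", re.IGNORECASE)


def filter_dump(lines, database, wanted=WANTED):
    """Yield a restore script with only the INSERTs for the wanted tables.

    Assumes mysqldump-style output, where newlines inside values are escaped
    and a statement ends on a line whose last character is ';'.
    """
    yield f"USE `{database}`;\n"
    keep = False          # current statement targets a wanted table
    in_statement = False  # inside an INSERT that has not ended yet
    for line in lines:
        if not in_statement:
            match = INSERT_RE.match(line)
            if match is None:
                continue  # DROP TABLE, CREATE TABLE, LOCK, comments: never replayed
            keep = match.group(1) in wanted
            in_statement = True
            if keep:
                # Existing primary keys are skipped row by row, not fatal.
                line = INSERT_RE.sub(r"INSERT IGNORE INTO `\1`", line, count=1)
        if keep:
            yield line
        if line.rstrip().endswith(";"):
            in_statement = False


def restore_script(lines, database="my_phpbbdb"):
    return "".join(filter_dump(lines, database))


# Constructed sample dump, not data from the real forum.
SAMPLE_DUMP = """\
DROP TABLE IF EXISTS `phpbb_forums`;
CREATE TABLE `phpbb_forums` (forum_id smallint NOT NULL, PRIMARY KEY (forum_id));
INSERT INTO `phpbb_forums` VALUES (1,'CSS Layout'),(2,'Off topic; chat');
INSERT INTO `phpbb_users` VALUES (2,'admin','constructed-hash');
INSERT INTO phpbb_ranks VALUES (1,'Moderator');
""".splitlines(keepends=True)

if __name__ == "__main__":
    print(restore_script(SAMPLE_DUMP), end="")
```

For a real 144 MB dump, pass the open file object instead of a list so the dump is streamed line by line.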

Hugo
Moderator
London
Joined: 2004-06-06
Posts: 15668
Points: 2806

Hacked Forums

I guess this was the admin exploit that so many phpBB forums are falling foul of. I noticed that the support forums are recommending that people .htaccess password protect their admin folder for an added layer of security; thought I'd mention it just in case, although I'm sure I'm teaching my grandmother to suck eggs :)

Hugo.


fambi
Enthusiast
Joined: 2004-08-26
Posts: 269
Points: -1

Hacked Forums

That's really sick!

Congrats for getting out of it alright!

bpat1434
Enthusiast
Timezone: GMT-5
Joined: 2004-09-17
Posts: 127
Points: 0

Hacked Forums

Wow, all I have to say is that you did a great job.

There is no foolproof way to safeguard against attacks. If there's a will there's a way (DVD ripping, Music Stealing, Robberies, Murders, Assassinations... you get the picture).

And Tony, are you going to upgrade to v3 right away, or are you going to wait? Just wondering what is in store for cssCreator.

~Brett


Tony

Hacked Forums

Hi Brett,
Very good question,
Usually it's wise to wait a while when new software is released, so that others can sort out the bugs.
On the other hand if it is a security release or bug fix it would be wise to upgrade straight away.

I haven't looked at V3 but if it is a new feature release, I will be waiting a week or possibly longer.

nix
Enthusiast
(n): a position or site occupied or available for occupancy or marked by some distinguishing feature
Timezone: GMT-4
Joined: 2003-08-12
Posts: 159
Points: 0

Hacked Forums

I can just picture the cracker now.

"I hacked a forum! I caused minor mayhem!"
*giggles and runs away

Bunch of losers. I can't understand the destructive nature of some people.

I refuse to be like the faceless masses of sheep and have a signatu......awwwwwwwww CRAP!!

Backups? Ha! I've never had troub**&{[}$$ERROR NO CARRIER

Tristan
newbie
Joined: 2005-03-29
Posts: 7
Points: 0

Hacked Forums

very smart attitude...

especially for a forum defending no political position, which does not sell anything and which is just here to help people...
:-s