webgyrl Posted March 12, 2005 (edited) Man... I went to visit the forum on my board today to find it's been hacked into and wiped. http://www.natalie-brown.com/forum/ Anyone know how to restore this and is there a way to make sure it doesn't happen again? I've submitted a trouble ticket to TCH, but I am not sure if this is in their realm of things fixable since it's an addon. Why do idiots do these things? Made me a little sad and grumpy, that's for sure! Nat Edited March 12, 2005 by webgyrl
Head Guru Posted March 12, 2005 No offense but we pleaded with every user on our servers. We sent emails, we posted on the forums. We begged, and pleaded. It was a sad thing watching all the users responding to our pleas. There were upset users, angry users, users that cancelled and users that just plain were rude to us. Now you know why we begged everyone to upgrade their 3rd party scripts. Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group You didn't upgrade, and you paid the price.
webgyrl Author Posted March 12, 2005 (edited) Bill, The sad thing is that I did get that email and I did do the upgrade via cPanel when I got the email. Was there yet another upgrade that I missed hearing about? I went right to cPanel and clicked upgrade, then went back and the version number changed on the bottom of my board. Was there something else I was supposed to do? Edited March 12, 2005 by webgyrl
Head Guru Posted March 12, 2005 There have been so many upgrades to phpbb I cannot remember. I do know that the most recent release is 2.0.13.
webgyrl Author Posted March 12, 2005 Bill, The version I had was 2.0.13. That's what it said on the bottom of the board last time I logged in. Well, there is no use crying over spilt milk. What can I do moving forward to ensure this doesn't happen? And I did do an entire site backup a few weeks ago. Could I re-upload everything to the directory and then upgrade again? Would that restore most things? It is such a bummer, but it's not the end of the world and it certainly isn't TCH's fault... you didn't write the software.
Head Guru Posted March 12, 2005 I responded to your ticket. Please respond back.
Head Guru Posted March 12, 2005 If you have Instant Messenger give me a chat. AOL & Yahoo = tchgurubill MSN - tchgurubill@hotmail.com I will do my best to help you.
borfast Posted March 12, 2005 Nat, sorry about what happened to your forums. If you did have the latest version of phpBB (2.0.13) then it means that the hacker(s) entered either via an unknown (or at least not yet disclosed to the public) phpBB vulnerability or simply by using the front door, meaning they knew your password. How? Trojans, social engineering, etc... Just to be on the safe side, I'd advise you to change your password, so they won't be able to use the same password again and run a full virus/spyware check on your computer.
webgyrl Author Posted March 12, 2005 (edited) I want to thank Bill (Head Guru) for all the tremendous help he gave me in restoring my forums. The fact that he took out personal time to help me was beyond anything I expected... so thanks Bill for the help. It's much appreciated! A few notes to those using PHPBB:
1.) If you upgraded the board from cPanel be forewarned that it is NOT the latest version of PHPBB. I made the mistake of thinking that this was the latest release and that the hack holes would be filled, but it is not. According to my conversation with Bill, cPanel is the one who bundles the installs and upgrades and they are a few months behind in updates. Don't rely on cPanel for the latest PHPBB upgrade!
2.) Go to PHPBB and download the latest version and install it. http://www.phpbb.com/downloads.php
3.) Back up!
Have fun and let's hope these hacker dudes and dudettes learn to put their obvious talents to better and more productive use! Edited March 12, 2005 by webgyrl
webgyrl Author Posted March 12, 2005 "Nat, sorry about what happened to your forums. If you did have the latest version of phpBB (2.0.13) then it means that the hacker(s) entered either via an unknown (or at least not yet disclosed to the public) phpBB vulnerability or simply by using the front door, meaning they knew your password. How? Trojans, social engineering, etc... Just to be on the safe side, I'd advise you to change your password, so they won't be able to use the same password again and run a full virus/spyware check on your computer." Raul... looks like I did have .11. I thought it was .13 but turns out the highest the cPanel upgrade goes is .11 right now. My bad. Will run scan tonight. Thanks!
webgyrl Author Posted March 12, 2005 OK just a quick question... for the upgrade.. should I download the "Changed Files Only" or the "Patch"? http://www.phpbb.com/downloads.php What would be the best way to upload them to the server? Thru cPanel or FTP? I've never done this kind of an upgrade before.
webgyrl Author Posted March 12, 2005 OK I did find some upgrade help. Here is the link in case it helps anyone: http://www.phpbb.com/support/guide/#section2_4 Just gotta make a backup of the DB before I do anything.
webgyrl Author Posted March 12, 2005 (edited) To back up the db > Go to cPanel "Site Management" > Backup > Download a MySQL Database Backup > Click DB Name > save .gz file to local computer Edited March 12, 2005 by webgyrl
TCH-Don Posted March 12, 2005 The quick way is cpanel > backup: click on the name of the database to download a compressed file, which you can also upload the same way.
webgyrl Author Posted March 12, 2005 Thanks Don! I finally figured that out after pouring thru the Databases portion of cPanel.. thought it was there.... but it's in the Site Management section. LOL I think I need some coffee! LOL
webgyrl Author Posted March 12, 2005 (edited) OK so just so you know... To upgrade the board, you download the "Changed Files Only" zip and overwrite your existing files with those ones. Then you run the upgrade.php file in the install folder and that updates the board. When you are done you delete the install files. There are complete instructions in the zip file. Board is now updated and I shall be more vigilant with updates! Edited March 12, 2005 by webgyrl
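An added example, not part of the thread and not phpBB or cPanel code: a small post-upgrade check covering the three things the posts above rely on, namely the version in the board footer, removal of the install folder, and a usable .gz database backup. The function names, paths and sample data are assumptions made for illustration; the footer is only what the board displays, which is the same evidence the posters were reading.

```python
import gzip
import re
import tempfile
from pathlib import Path

REQUIRED = "2.0.13"  # most recent release named in the thread

def parse_version(footer):
    """Pull (major, minor, patch) out of a 'Powered by phpBB x.y.z' footer."""
    m = re.search(r"phpBB\s+(\d+)\.(\d+)\.(\d+)", footer)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(footer, forum_dir, db_backup, required=REQUIRED):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    need = tuple(int(p) for p in required.split("."))
    found = parse_version(footer)
    if found is None:
        findings.append("no phpBB version in footer")
    elif found < need:  # numeric compare; as strings "2.0.4" > "2.0.13"
        shown = ".".join(str(p) for p in found)
        findings.append(f"outdated: {shown} < {required}")
    # The install files are meant to be deleted once upgrade.php has run.
    if (Path(forum_dir) / "install").is_dir():
        findings.append("install directory still present")
    # The cPanel database download is a .gz file; confirm it opens and has data.
    try:
        with gzip.open(db_backup, "rb") as fh:
            if not fh.read(1):
                findings.append("database backup is empty")
    except (OSError, EOFError):
        findings.append("database backup missing or not valid gzip")
    return findings

if __name__ == "__main__":
    # Constructed sample data: a forum folder with a leftover install/ and a tiny dump.
    with tempfile.TemporaryDirectory() as tmp:
        forum = Path(tmp) / "forum"
        (forum / "install").mkdir(parents=True)
        backup = Path(tmp) / "forum_db.gz"
        with gzip.open(backup, "wb") as fh:
            fh.write(b"-- constructed dump\n")
        for finding in audit("Powered by phpBB 2.0.11", forum, backup):
            print(finding)
```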
TCH-Don Posted March 12, 2005 Thanks for all the info Nat! I bet this will help someone else. Glad you have it all back. I backup my database and the forum folder just in case.
TCH-Thomas Posted March 12, 2005 To Nat (Webgyrl) and all phpbb users, If you are using Firefox, there is a "Live bookmark" on the phpbb website (or on the bottom to the right in your browser) you can use to keep track of updates. Just click on the orange icon (see attached image) and choose "subscribe". Then it works like any other folder in the bookmarks. When a new version is released you will see a "new clickable bookmark" in this folder saying something like "phpBB 2.0.13 released - Critical update".
borfast Posted March 12, 2005 That's a cool thing, Thomas! I never thought much about live bookmarks but I guess they are useful after all. Thanks for the tip.
TCH-Thomas Posted March 12, 2005 One thing I forgot to mention in my live bookmark post is you will still have to check this folder that is being created if there is a new version of the product. So it's still needed from the user's side to check for new versions, but this way you don't have to visit the site or subscribe to a mailing list.
OldTimer Posted March 12, 2005 You can also go here and join their email list to keep updated on latest updates and what not. http://www.phpbb.com/support/ Greg
Head Guru Posted March 12, 2005 Nat - I am just glad we were able to use a backup and get your forum restored. It would have stunk losing your forums. Keep them updated as often as you can. Oh, I think you're the one buying me lunch when we meet. Not the other way around. Bill
carbonize Posted March 19, 2005 (edited) And the moral of the story? Don't use scripts from cPanel. Always go to the official source for your scripts and updates. I am part of the Advanced Guestbook support and several times I have been trying to help people who have installed it via cPanel to discover that cPanel had altered the scripts. Edited March 19, 2005 by carbonize