Jump to content

Recommended Posts

Posted

I host a phpBB forum on my site and recently someone accessed the account of one of my members without permission. The IP was logged by phpBB and also by my site logs from TCH.

 

It seems a password was guessed or hacked. Obviously I am unhappy about this. Can I take any action against the person responsible?

Posted

welcome to the forum Honeymoon :)

 

It depends if you can find out who they really are. for example if that is their real IP address, and where in the world they are.

 

Number one priority, to be honest, is to ensure your scripts are fully uptodate, and passwords secure.

Posted
welcome to the forum Honeymoon :)

 

It depends if you can find out who they really are. for example if that is their real IP address, and where in the world they are.

 

Number one priority, to be honest, is to ensure your scripts are fully uptodate, and passwords secure.

 

Thanks for the welcome Andy. I totally agree regarding the number one priority. My own passwords etc are secure and I have advised my forum members to have secure passwords. That is all I can do.

 

I have an IP which I believe to be real. It is a broadband provider in the UK, where I myself live, and unlikely to be a proxy. Private areas of the forum were accessed and private information from them was retrieved by the hacker.

Posted
Since it's all in the UK you could potentially do something - yes.

 

You can contact the police, computer crime unit, who deal with hacking.

 

Thanks again Andy.

 

And thanks to Bruce for the welcome.

Posted

And just to reiterate...aside from making sure passwords are secure, you really need to keep up with any updates to phpbb as soon as they are released. phpbb seems to be a common target for hacks. I believe that when you log in as admin on phpbb, it will tell you if there are any updates available at the bottom of the page.

 

Good luck getting to the bottom of this.

  • 2 months later...
Posted

;)

 

Want to Give a Big Thank You To TCH-Andy :( We Were Hacked Through One of Our PHP Boards..in Fact They Hacked Three of Them!!!!! We Now Use The SMF provided in Fantisico.....

Posted

Welcome to the forums Smitty :(

 

You're welcome ;) I really don't like hackers ;) keep the SMF uptodate at the recent version and you should be fine though :)

Posted

SMF, like a lot of big forum scripts, limits the amount of failed log ins an IP can make before banning them. I believe phpBB 3 (Olympus) has this feature but is still at RC1. Most now also let you set a security level on the password they put in to make sure they are secure.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...