Someone Hacked My Forums :(
eliotmat
Join Date: 2002-12-01 Member: 10350 Members, Reinforced - Shadow
Possibly same person that did these?
Someone recently hacked into my forums and deleted my account.
So, if anyone has a list of the names/IPs suspected of corrupting these I would like to cross-reference mine with them.
I hate to be accusational, but the culprit is probably the same person/group who hacked these forums because these boards are the only place you'll find my eEnemies.
If anyone has any info please PM me as soon as possible.
-->meanies<--
Comments
Whether you want to call it an exploit or hack, someone was able to invade my forums and corrupt the site admin account.
If you can manipulate MySQL tables, you might be able to recover the corrupted account; otherwise you will probably have to reinstall the board. I hope you made backups...
And you're SURE it wasn't something you did? Or if you left an easy to guess password or something...
I haven't used any admin features in weeks. I've only read/replied posts.
I have other master admins, but I was the "site admin". I'm not sure if there were any features that a site admin would have that a master admin wouldn't.
edit: Now that I think about it. Someone destroyed my account on modns forums recently too, but Depot fixed me back up.
Why doesn't this community like one of its advocates?
How do you disguise the second account? With IB you'd have to assign them to a recognizable group e.g. Forum Admins.
QUOTE (eliotmat Jul 9 2005 @ 03:45 PM)
edit: Now that I think about it. Someone destroyed my account on modns forums recently too, but Depot fixed me back up.
I doubt this was related to your problem on modNS.org Forums eliotmat. For some odd reason you couldn't access your account, and you were not restricted whatsoever.
Thanks, Viper. I'm going to see about updating it tonight.
Yes, and he's asking whoever knows the IP of the hacker from <i>these</i> forums to cross-check.
And this raises another interesting question: <b>Given current updates have been applied, which forum is more secure, phpbb or InvisionBoard?</b>
From the traffic on BugTraq, it really looks like some combination of PHPbb being worse and InvisionBoard being less used. There are gaping holes in anything before PHPbb 2.0.16 or InvisionBoard 2.0.4.
If you are using *any* PHP-based software go into the source and look for *at least* calls to eval and preg_replace with a /e modifier. Either convince yourself they are adequately protected, or get someone else to look at it. These are usually where breaks will occur, because the authors trust PHP's backslashification far too much.
An easy example is GeekLog, which had a handful of trivial preg_replace holes. They were "solved" in a newer version through a braindead hack that, among other things, makes it impossible to search for strings containing apostrophes. How hard is it for these people to simply URL-encode incoming strings? Good grief...
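The audit step suggested in the post above (look for eval and for preg_replace with a /e modifier), as an added example that is not part of the original thread: a Python scanner run on constructed PHP lines. The function names and finding labels are assumptions of this example, and it goes one step further than the post by also flagging preg_replace calls whose pattern is built at runtime, since their modifiers cannot be read from the source.

```python
import re

# Constructed sample PHP, not taken from any real forum package.
SAMPLE_PHP = r'''<?php
$msg = preg_replace('/\[b\](.*?)\[\/b\]/ie', "'<b>'.strtoupper('\\1').'</b>'", $msg);
$msg = preg_replace("#\[i\](.*?)\[/i\]#s", '<i>$1</i>', $msg);
$out = preg_replace($pattern, $replacement, $msg);
eval('$tpl = "' . $template . '";');
// evaluate() is not eval
$x = evaluate($y);
'''

CALL = re.compile(r'(?<![\w$>])(eval|preg_replace)\s*\(\s*', re.I)
LITERAL = re.compile(r'''(['"])((?:\\.|(?!\1).)*)\1\s*(.?)''')
CLOSERS = {'(': ')', '[': ']', '{': '}', '<': '>'}

def modifiers(pattern):
    """Return the PCRE modifier letters that follow the closing delimiter."""
    pattern = pattern.lstrip()
    if not pattern:
        return ''
    close = CLOSERS.get(pattern[0], pattern[0])
    end = pattern.rfind(close)
    return pattern[end + 1:] if end > 0 else ''

def classify(name, rest):
    """Classify one call: 'eval', 'preg_e', 'preg_dynamic' or None."""
    if name == 'eval':
        return 'eval'
    lit = LITERAL.match(rest)
    # Pattern is not one plain string literal (variable, array, concatenation,
    # or continued on the next line): modifiers cannot be read statically.
    if not lit or lit.group(3) != ',':
        return 'preg_dynamic'
    return 'preg_e' if 'e' in modifiers(lit.group(2)) else None

def scan(source):
    """Return [(line_number, finding)] for every flagged call."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in CALL.finditer(line):
            kind = classify(m.group(1).lower(), line[m.end():])
            if kind:
                hits.append((no, kind))
    return hits

if __name__ == "__main__":
    for no, kind in scan(SAMPLE_PHP):
        print(no, kind)
```

Every hit is a line to read by hand, not a verdict. PHP 7.0 removed the /e modifier, and preg_replace_callback is the usual replacement for flagged calls.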
I wish I knew what any of that meant.
If you're using IPB, you can create a group that looks just like members or whatnot, just add a space or something, then hide that group so people don't know it's there.
For phpbb, you can assign people privileges without giving them a title of admin.
It's not really that hard.
No, not really. I'm more cynical than that, hence the "or get someone else to look at it". Paragraph 3 is really a rant to developers.
Explaining how the PHP security holes tend to occur in a way that is comprehensible to most people is a little, uhm, rough. Given a few lecture hours I would take a shot at it, but there are a <a href='http://www.ilovejackdaniels.com/php/writing-secure-php/' target='_blank'>lot of</a> <a href='http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html' target='_blank'>other</a> <a href='http://forevergeek.com/programming/writing_secure_php.php' target='_blank'>discussions</a> around already, and I'm not teaching that course.
A fairly common analogy is that software is like a car: there are a lot of underlying details that you really do not need to know about to operate it. Unfortunately, putting something on the Internet means you are inviting every criminal, whack-job and bot in the world to take a shot at breaking into it. Little errors, both on the part of the original developers and the site administrators *will* leave big holes. PHP (and similar) being easy unfortunately results in a lot of developers that have only half a clue about security; a lot of this code makes Microsoft look good. So, the site administrator needs to be more paranoid...
(Quick example: GrokLaw, big pseudolegal blog. Was running a customized version of an outdated GeekLog, sysadmin had been too busy to dig through it. An appropriately mangled request could run arbitrary PHP code on the server.)
If my rant gets one more person to actually think about the security (even in an "I have *no* idea what this means, I'd better get someone to help" way), it means just that many fewer zombies.
And that was much longer than I originally intended, sorry.