♥ PosetteForever ♥
Whip The Admins... - Hacking attempts against phpbb...
Tormie [ Friday, 11 February 2005, 12:51 AM ]
Post subject: Hacking attempts against phpbb...
It seems a very bad period for the software that we're using here, phpbb from <a class="post-url" href="http://phpbb.com" target="_blank">http://phpbb.com.</a>
<br />
<br />
<a class="post-url" href="http://phpbb.com" target="_blank">http://phpbb.com</a> was recently attacked by :
<br />
<br />
[i:cc048f48fa]"a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry."[/i:cc048f48fa]
<br />
<br />
Now the situation is confused because they don't know exactly how they gained access to the site. Phpbb recently had a lot of attacks by hackers/crackers who succeded in modify the files using some codes in the text of the message.
<br />
They also use google in a way that I'm not able to fully understand, and infact in the last period we had a lot of guests connected to the site and the sytem says that they are bots from search engines...
<br />
<br />
I'm backing up the site on a regular basis, but something could happen... I hope no, but in the worst case I will have to change the software to a different one even if I <img src="https://www.posetteforever.com/images/smiles/heartbeat.gif" alt="" /> phpbb because it's a free software made in open source...
<br />
<br />
Anyway, just to prevent strange things, I'll restrict the access to the site only to registered members and close the possibility to view the site to guest users.
<br />
<br />
I'll "reopen" the site when I'll know more about the situation. Actually you can see what's happening on <a class="post-url" href="http://phpbb.com" target="_blank">http://phpbb.com</a>
<br />
<br />
<br />
Personally I upgraded the site to the last security patches
Anonymous [ Friday, 11 February 2005, 10:00 AM ]
Post subject:
DRATS! Until this situation is resolved, I will stop recommending this site to others. That way you won't have to hand process their applications too.
<br />
<br />
Pangor
Tormie [ Friday, 11 February 2005, 10:13 AM ]
Post subject:
<img src="https://www.posetteforever.com/images/smiles/crybaby2.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/crybaby2.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/crybaby2.gif" alt="" />
Landman [ Friday, 11 February 2005, 04:25 PM ]
Post subject:
Torm, make sure all your passwords are at least 8 characters, and complex. but yet easy enough for you and you alone to remember. I would also keep an eye on updates, chances are the makers of the software are aware of the situation and are working to resolve the issue. keep it as up to date as possible with current updates. stay away from beta releases, release candidates and such as they have not been completely tested and could be causing more harm then good.
<br />
<br />
Password complexity is probably the most important. Hackers have software that they use to "brute force hack" websites. which is basically a program designed to fire passwords at a server untill it gains access. by adding numbers and punctuation to a password, you are making that softwares job all that much harder.
<br />
<br />
a bad password example would be something like - landmanb
<br />
however I can make this password much more complex by simply adding numbers - l4ndm4nb
<br />
I can further it by capitalizing each letter before the number - L4ndM4nb
<br />
add some other non alpha numeric character - L4nd$M4nb
<br />
<br />
keep in mind it would still be vulnerable to a brute force hack, however with the proper encryption, they would need a bunch of computers all working together on the algorythm for such a long period of time, an Administrator would probably notice the failed attempts and act on it.
Tormie [ Friday, 11 February 2005, 04:56 PM ]
Post subject:
I know the rules for passwords Landman, but the problem is more complex. The passwords are encrypted with a md5 algorythm and the program ban the user for 15 minutes when he/she fails three times, so a brute force could need years and to gain the access here and it doesn't worth the effort.
<br />
<br />
I've not the direct link but I'll search it because it could be interesting to read something about the matter for you and Pangor and everybody interested (anyway the informations are on phpbb.com and actually they are down...lol) . This crackers pass the nasty code using the posting feature of the board (php code) and the last time the automatic process "defaced" a lot of pages on attacked sites overwriting the original files.
<br />
<br />
This time it seems that they used an "awstat" something directly on the server, This shouldn't involve the phpbb software but they are investigating. In any case it's not something linked to the passwords.
<br />
<br />
I have to say that here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one. Infact they changed us the database but left the files on the same old server. It was very difficult to setup the forum here, I've done it reading a lot of tutorial and modifying some files because of other strange peculiarities of godaddy <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> ... On ather server it is enough to write "localhost" to point to the database, here the database is on a different encrypted server, so I hope that in case of an attack, the most important thing which is the database, with all the posts and the informations, should be safe (I can easily replace the files and the graphics with a backup copy).
<br />
<br />
The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work <img src="https://www.posetteforever.com/images/smiles/eusa_naughty.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/eusa_naughty.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/eusa_naughty.gif" alt="" /> ...
Posy [ Friday, 11 February 2005, 04:56 PM ]
Post subject:
Me either. What does "this" refer to? That seems a bit negative. "" here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one ? I get . Oh those people.
Tormie [ Friday, 11 February 2005, 04:56 PM ]
Post subject:
Thank you Posy darling. I love you !
Posy [ Friday, 11 February 2005, 04:56 PM ]
Post subject:
Thanks I like you a lot too TORMENTOR.
Poserkatz [ Friday, 11 February 2005, 05:02 PM ]
Post subject:
Tormie wrote:
<br />
<br />
The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work.
<br />
<br />
<br />
You're right! These bloody f**ckers are overall, they aren't good enough to hack commercial sites,
<br />
but they wanted to be "the great hacker" and therefore they try to hack small sites, private sites
<br />
and so on - bloody stupid guys <img src="https://www.posetteforever.com/images/smiles/mad.gif" alt="" />
Anonymous [ Friday, 11 February 2005, 05:43 PM ]
Post subject:
In fact that because it is popular open source, free software coule be the reason that it was targeted. I have seen many such attempted attacks caused by fanatics who are opposed free software and/or open source who try everything that they can to discredit it.
<br />
<br />
What bothers me even more about this attacks is that according to the announcement on their tempory page it was caused by a problem in the server, raher than in this software, still board using the software are being taken down by the hosting companies.
<br />
<br />
This reminds me of a sucessful cracker a few years ago. The main website of some open source software (I forget which software it was.) was attacked and defaced. Compared to what could have been done, the damage was mild and limited to defacing the main page. In the end it turned out that it was the hosting companys http server that was cracked, the hosting company had reciently moved that website from a platform running Apache to one running IIS. It was IIS that was compromised, but the people who were oppoed to open source ran a FUD propaganda campain against the open source software that was hosted on the site. Other websites on the same groups of servers were also defaced including those of commercial software vendors. Not much was said of that by those spreading the FUD.
<br />
<br />
Pangor
Posy [ Friday, 11 February 2005, 05:44 PM ]
Post subject:
What did it look like to you? Interesting comparison. What does "it" refer to? Which others? I am a female. Are you a man or a woman?
Landman [ Friday, 11 February 2005, 06:14 PM ]
Post subject:
Yes, but the good thing about open source software is, as easy at it is for a hacker too look at the source code and figure out an exploit, it is just as easy for anyone else to look at the code and figure out a way to patch it....
<br />
<br />
Honestly Torm, I would not worry about it too much. For one, you have all the necessary back-ups to rebuild it, secondly, I doubt the liklyhood of them targeting this site are probably slim, therefor the prcautions you took if anything will be adequate. I can't see anyone wanting to waste a bunch of time on one site that takes precautions of disallowing anonymous posting to a site that won't.
Posy [ Friday, 11 February 2005, 06:14 PM ]
Post subject:
And another? Would you like to be able to see it?
Landman [ Friday, 11 February 2005, 06:14 PM ]
Post subject:
show it too me sweetie.... <img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" />
Anonymous [ Friday, 11 February 2005, 06:27 PM ]
Post subject:
Looks like Posy is off on her own tangent again.
<br />
<br />
Pangor
Posy [ Friday, 11 February 2005, 06:27 PM ]
Post subject:
Once more? Interesting comparison.
Tormie [ Friday, 11 February 2005, 08:22 PM ]
Post subject:
Thank you friends, I think that Posetteforever should be an easy target because I'm not a coder and I applied the security patches without really knowing what I was making, yes, they were correct but who knows ? In any case I've the backups..
<br />
<br />
Thinking about the hacking attempts, I found a very easy way to get all the informations about a site: I was installing the new album and got an error, so i filled my search engine software with this error just to find a solution. I found a lot of sites with the same error, and the error page was there, uncorrected. This software require the name and password to access the site in the configuration menu, so it was simple to press the menu's "back" button and simply look at those infos...
<br />
<br />
But I'm a good guy <img src="https://www.posetteforever.com/images/smiles/eusa_angel.gif" alt="" /> and only left a XXX pic...
Posy [ Friday, 11 February 2005, 08:22 PM ]
Post subject:
You are quite welcome! It's hard to stay friends for a long time.
Tormie [ Friday, 11 February 2005, 08:22 PM ]
Post subject:
But we'll try... Or not ?
Posy [ Friday, 11 February 2005, 08:22 PM ]
Post subject:
Umm. Anytime soon? Are you serious?
Tormie [ Friday, 11 February 2005, 08:23 PM ]
Post subject:
Yes.... Ehm, Posy, you're not supposed to be here... What happened ? Are you trying to hack the site ?
Posy [ Friday, 11 February 2005, 08:23 PM ]
Post subject:
Perhaps there was an interruption in my brain. No I am not trying to hack the site. I'm sorry you got that impression.
Tormie [ Friday, 11 February 2005, 08:24 PM ]
Post subject:
I joked, I know you're honest
The Mighty Zeus [ Sunday, 13 February 2005, 12:45 AM ]
Post subject:
Over at ladderhall we used to use the phpbb set up but switched to Invision Power Board (http://www.invisionboard.com/). IPB has a lot less security issues with it and the set up is about the same. Just an alternative that you may want to look into.
Posy [ Sunday, 13 February 2005, 12:45 AM ]
Post subject:
Where did IPB get a lot less security issues with it and the set up is about the same?
Tormie [ Sunday, 13 February 2005, 12:48 AM ]
Post subject:
Thank you Mighty, I alreadu tried the IPB board but it's not a full open source project and so I don't like it too much... There at phpbb are building the "olympus" 3.0 phpbb, but I become desperate only thinking about to upgrade the site to a diffrente forum version !! I made all the graphic changes by hands...
<br />
<br />
I've to give a deeper look at your site...
Tormie [ Monday, 14 February 2005, 08:30 AM ]
Post subject:
Ok, now phpbb.com it' online again. The didn't explained very well what's happened but I decided to reopen the "view all" mode for guest and base the security on the backups hoping that no one will have a bad interest in posetteforever (except the evil ogre <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> ). To see phpbb dow shocked me so much... <img src="https://www.posetteforever.com/images/smiles/crybaby2.gif" alt="" /> ...
<br />
<br />
Anyway when they'll release the new phpbb3.0 "Olympus" I'll try to upgrade to that version ... (sigh... a lot of work to do...)
The Mighty Zeus [ Monday, 14 February 2005, 03:52 PM ]
Post subject:
Hey you can't go wrong with anything named "Olympus" <img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" />
Anonymous [ Monday, 14 February 2005, 05:13 PM ]
Post subject:
Is the situation resolved to the point where I can again start, recommending this site to others who may like this place?
<br />
<br />
Pangor
Tormie [ Monday, 14 February 2005, 07:27 PM ]
Post subject:
I can't give you that big bribe pangor <img src="https://www.posetteforever.com/images/smiles/crybaby2.gif" alt="" /> (Tormie shows his empty pockets <img src="https://www.posetteforever.com/images/smiles/dontknow.gif" alt="" /> )
Anonymous [ Monday, 14 February 2005, 07:50 PM ]
Post subject:
No bribe needed or wanted. I will start to do so again. When I enconter someone on-line who I think would appreciate this place, I will recommend that they give Posette Forever a try.
<br />
<br />
Pangor
Landman [ Monday, 14 February 2005, 07:51 PM ]
Post subject:
I would like a bribe.... <img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" />
<br />
<br />
Any takers??? <img src="https://www.posetteforever.com/images/smiles/smile.gif" alt="" />
Don Vito Corleone [ Monday, 14 February 2005, 08:59 PM ]
Post subject:
A bribe for you Landmanno ? I've already told you something about your large amount of candies <img src="https://www.posetteforever.com/images/smiles/eusa_naughty.gif" alt="" /> ...
Posy [ Monday, 14 February 2005, 08:59 PM ]
Post subject:
What?
Tormie [ Monday, 14 February 2005, 09:00 PM ]
Post subject:
<img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" />
Landman [ Monday, 14 February 2005, 09:17 PM ]
Post subject:
<img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" />
<br />
<br />
<br />
<blockquote class="quote"><div class="quote-nouser">Quote:</div><div class="post-text">
<br />
A bribe for you Landmanno ? I've already told you something about your large amount of candies ...
<br />
</div></blockquote>
<br />
<br />
<br />
<img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" />
<br />
<br />
I am legit....
<br />
honest.... <img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" />
Anonymous [ Monday, 14 February 2005, 11:37 PM ]
Post subject:
Tormentor, how did he get registered? Did you owe a favor?
<br />
<br />
Pangor
Tormie [ Monday, 14 February 2005, 11:41 PM ]
Post subject:
Oh yes, I wanted a part in a movie but the producer refused to give it to me ! So I asked for help to Don Vito and I had the part <img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" /> ...
<br />
<br />
I heard something about a horse's head but I haven't understood all <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> ...
Anonymous [ Tuesday, 15 February 2005, 12:04 AM ]
Post subject:
Oh, THAT was YOU.
<br />
<br />
<img src="https://www.posetteforever.com/images/smiles/wink.gif" alt="" />
<br />
<br />
Pangor
Posy [ Tuesday, 15 February 2005, 12:04 AM ]
Post subject:
And? I thought it was too.