It seems a very bad period for the software that we're using here, phpBB from http://phpbb.com.
http://phpbb.com was recently attacked by:
"a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry."
Now the situation is confused because they don't know exactly how they gained access to the site. phpBB recently had a lot of attacks by hackers/crackers who succeeded in modifying the files using some code in the text of the message.
They also use Google in a way that I'm not able to fully understand, and in fact in the last period we had a lot of guests connected to the site and the system says that they are bots from search engines...
I'm backing up the site on a regular basis, but something could happen... I hope not, but in the worst case I will have to change the software to a different one even if I :heartbeat: phpBB because it's free software made in open source...
Anyway, just to prevent strange things, I'll restrict access to the site only to registered members and close the possibility for guest users to view the site.
I'll "reopen" the site when I know more about the situation. Actually you can see what's happening on http://phpbb.com
Personally I upgraded the site to the latest security patches.
Subject: Hacking attempts against phpbb...
Last edited by Tormie on 11 Feb 2005 10:43; edited 3 times in total
Subject:
DRATS! Until this situation is resolved, I will stop recommending this site to others. That way you won't have to hand process their applications too.
Pangor
Subject:
:crybaby: :crybaby: :crybaby:
Subject:
Torm, make sure all your passwords are at least 8 characters and complex, but yet easy enough for you and you alone to remember. I would also keep an eye on updates; chances are the makers of the software are aware of the situation and are working to resolve the issue. Keep it as up to date as possible with current updates. Stay away from beta releases, release candidates and such, as they have not been completely tested and could be causing more harm than good.
Password complexity is probably the most important. Hackers have software that they use to "brute force hack" websites, which is basically a program designed to fire passwords at a server until it gains access. By adding numbers and punctuation to a password, you are making that software's job all that much harder.
A bad password example would be something like - landmanb
However, I can make this password much more complex by simply adding numbers - l4ndm4nb
I can further it by capitalizing each letter before the number - L4ndM4nb
Add some other non-alphanumeric character - L4nd$M4nb
Keep in mind it would still be vulnerable to a brute force hack; however, with the proper encryption, they would need a bunch of computers all working together on the algorithm for such a long period of time that an Administrator would probably notice the failed attempts and act on it.
Subject:
I know the rules for passwords Landman, but the problem is more complex. The passwords are encrypted with an md5 algorithm and the program bans the user for 15 minutes when he/she fails three times, so a brute force could need years to gain access here and it isn't worth the effort.
I don't have the direct link but I'll search for it because it could be interesting to read something about the matter for you and Pangor and everybody interested (anyway the information is on phpbb.com and actually they are down...lol). These crackers pass the nasty code using the posting feature of the board (php code) and the last time the automatic process "defaced" a lot of pages on attacked sites, overwriting the original files.
This time it seems that they used an "awstat" something directly on the server. This shouldn't involve the phpBB software but they are investigating. In any case it's not something linked to the passwords.
I have to say that here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one. In fact they changed our database but left the files on the same old server. It was very difficult to set up the forum here; I've done it reading a lot of tutorials and modifying some files because of other strange peculiarities of godaddy 8-[ ... On other servers it is enough to write "localhost" to point to the database; here the database is on a different encrypted server, so I hope that in case of an attack, the most important thing, which is the database with all the posts and the information, should be safe (I can easily replace the files and the graphics with a backup copy).
The worst thing about what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gain nothing from their fantastic work [-X [-X [-X ...
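The lockout policy described in the post above (three failed logins, then a 15-minute ban) is what bounds an online brute-force attempt, regardless of password strength. The following is an added example, not phpBB's code: a hypothetical defender-side throttle with that policy, a login check against a constructed md5-hashed user record, and a helper that puts a number on how many guesses the policy admits per day.

```python
import hashlib
import hmac
import time
from collections import defaultdict

MAX_FAILURES = 3        # failures tolerated before a ban (policy from the thread)
BAN_SECONDS = 15 * 60   # 15-minute ban (policy from the thread)

# Constructed sample record: the thread's own example password, md5-hashed
# as the post describes the board storing it. The throttle, not the hash,
# is what limits online guessing here.
USERS = {"tormie": hashlib.md5(b"L4nd$M4nb").hexdigest()}


def check_password(user, password):
    """Compare the md5 of the submitted password with the stored digest."""
    stored = USERS.get(user)
    if stored is None:
        return False
    submitted = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(stored, submitted)


class LoginThrottle:
    """Hypothetical throttle: per-account failure counter with a timed ban."""

    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable for testing
        self.failures = defaultdict(int)
        self.banned_until = {}

    def is_banned(self, user):
        until = self.banned_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:          # ban expired: reset the counter
            del self.banned_until[user]
            self.failures[user] = 0
            return False
        return True

    def attempt(self, user, password):
        """Return 'banned', 'ok' or 'bad_password'; a ban is not checked against."""
        if self.is_banned(user):
            return "banned"
        if check_password(user, password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.banned_until[user] = self.clock() + BAN_SECONDS
        return "bad_password"


def max_guesses_per_day():
    """Upper bound on online guesses per account per day under this policy."""
    return MAX_FAILURES * (24 * 60 * 60 // BAN_SECONDS)   # 3 * 96 = 288
```

Because a banned account is not checked at all, an attacker's correct guess during the ban window is also rejected, which is why the rate bound holds even for a lucky guesser.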
Subject:
Me either. What does "this" refer to? That seems a bit negative. "" here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one ? I get . Oh those people.
Subject:
Thanks I like you a lot too TORMENTOR.
Subject:
Tormie wrote:
The worst thing about what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gain nothing from their fantastic work.
You're right! These bloody f**ckers are overall, they aren't good enough to hack commercial sites,
but they wanted to be "the great hacker" and therefore they try to hack small sites, private sites
and so on - bloody stupid guys :x
Subject:
In fact, that it is popular open source, free software could be the reason that it was targeted. I have seen many such attempted attacks caused by fanatics who are opposed to free software and/or open source, who try everything that they can to discredit it.
What bothers me even more about these attacks is that according to the announcement on their temporary page it was caused by a problem in the server rather than in this software; still, boards using the software are being taken down by the hosting companies.
This reminds me of a successful cracker a few years ago. The main website of some open source software (I forget which software it was) was attacked and defaced. Compared to what could have been done, the damage was mild and limited to defacing the main page. In the end it turned out that it was the hosting company's HTTP server that was cracked; the hosting company had recently moved that website from a platform running Apache to one running IIS. It was IIS that was compromised, but the people who were opposed to open source ran a FUD propaganda campaign against the open source software that was hosted on the site. Other websites on the same group of servers were also defaced, including those of commercial software vendors. Not much was said of that by those spreading the FUD.
Pangor
Subject:
What did it look like to you? Interesting comparison. What does "it" refer to? Which others? I am a female. Are you a man or a woman?
Subject:
Yes, but the good thing about open source software is, as easy as it is for a hacker to look at the source code and figure out an exploit, it is just as easy for anyone else to look at the code and figure out a way to patch it....
Honestly Torm, I would not worry about it too much. For one, you have all the necessary back-ups to rebuild it; secondly, the likelihood of them targeting this site is probably slim, therefore the precautions you took, if anything, will be adequate. I can't see anyone wanting to waste a bunch of time on one site that takes the precaution of disallowing anonymous posting over a site that won't.
Subject:
And another? Would you like to be able to see it?
Subject:
show it to me sweetie.... :-s