Hacking attempts against phpbb...


Page 1 of 3
Goto page 1, 2, 3  Next
 

Post Hacking attempts against phpbb...

#1  Tormie 11 Feb 2005 00:51

It seems a very bad period for the software that we're using here, phpBB from http://phpbb.com.

http://phpbb.com was recently attacked by :

[i:cc048f48fa]"a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry."[/i:cc048f48fa]

Now the situation is confused because they don't know exactly how they gained access to the site. phpBB recently had a lot of attacks by hackers/crackers who succeded in modify the files using some codes in the text of the message.
They also use google in a way that I'm not able to fully understand, and infact in the last period we had a lot of guests connected to the site and the sytem says that they are bots from search engines...

I'm backing up the site on a regular basis, but something could happen... I hope no, but in the worst case I will have to change the software to a different one even if I   phpBB because it's a free software made in open source...

Anyway, just to prevent strange things, I'll restrict the access to the site only to registered members and close the possibility to view the site to guest users.

I'll "reopen" the site when I'll know more about the situation. Actually you can see what's happening on http://phpbb.com


Personally I upgraded the site to the last security patches
 




____________
 
Last edited by Tormie on 11 Feb 2005 10:43; edited 3 times in total 
avatar
it.png Tormie Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: March 2003
Posts: 8280
Tomatoes 72512
Lemons 50450
hearts 5031

  • Back to top Page bottom
 

Post 

#2  pangor 11 Feb 2005 10:00

DRATS!   Until this situation is resolved, I will stop recommending this site to others.  That way you won't have to hand process their applications too.

Pangor
 



 
avatar
 pangor 
Guest
 

  • Back to top Page bottom
 

Post 

#3  Tormie 11 Feb 2005 10:13

    
 




____________
 
avatar
it.png Tormie Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: March 2003
Posts: 8280
Tomatoes 72512
Lemons 50450
hearts 5031

  • Back to top Page bottom
 

Post 

#4  Landman 11 Feb 2005 16:25

Torm, make sure all your passwords are at least 8 characters, and complex. but yet easy enough for you and you alone to remember. I would also keep an eye on updates, chances are the makers of the software are aware of the situation and are working to resolve the issue. keep it as up to date as possible with current updates. stay away from beta releases, release candidates and such as they have not been completely tested and could be causing more harm then good.

Password complexity is probably the most important. Hackers have software that they use to "brute force hack" websites. which is basically a program designed to fire passwords at a server untill it gains access. by adding numbers and punctuation to a password, you are making that softwares job all that much harder.

a bad password example would be something like - landmanb
however I can make this password much more complex by simply adding numbers - l4ndm4nb
I can further it by capitalizing each letter before the number - L4ndM4nb
add some other non alpha numeric character - L4nd$M4nb

keep in mind it would still be vulnerable to a brute force hack, however with the proper encryption, they would need a bunch of computers all working together on the algorythm for such a long period of time, an Administrator would probably notice the failed attempts and act on it.
 




____________
I'd rather have a bottle in front of me then a frontal lobotomy.......

My grey matter is turning white, my proof is my grey hair....
 
avatar
 Landman Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
 
Joined: June 2003
Location: Grants Pass, Oregon (but http://www.iam.ca)
Posts: 930
Tomatoes 9180
Lemons 5100
hearts 0

  • Back to top Page bottom
 

Post 

#5  Tormie 11 Feb 2005 16:56

I know the rules for passwords Landman, but the problem is more complex. The passwords are encrypted with a md5 algorythm and the program ban the user for 15 minutes when he/she fails three times, so a brute force could need years and to gain the access here and it doesn't worth the effort.

I've not the direct link but I'll search it because it could be interesting to read something about the matter for you and Pangor and everybody interested (anyway the informations are on phpbb.com and actually they are down...lol) . This crackers pass the nasty code using the posting feature of the board (php code) and the last time the automatic process "defaced" a lot of pages on attacked sites overwriting the original files.

This time it seems that they used an "awstat" something directly on the server, This shouldn't involve the phpBB software but they are investigating. In any case it's not something linked to the passwords.

I have to say that here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one. Infact they changed us the database but left the files on the same old server. It was very difficult to setup the forum here, I've done it reading a lot of tutorial and modifying some files because of other strange peculiarities of godaddy   ... On ather server it is enough to write "localhost" to point to the database, here the database is on a different encrypted server, so I hope that in case of an attack, the most important thing which is the database, with all the posts and the informations, should be safe (I can easily replace the files and the graphics with a backup copy).

The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work       ...
 




____________
 
avatar
it.png Tormie Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: March 2003
Posts: 8280
Tomatoes 72512
Lemons 50450
hearts 5031

  • Back to top Page bottom
 

Post 

#6  Posy 11 Feb 2005 16:56

Me either. What does "this" refer to? That seems a bit negative.  "" here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one ?  I get                                                                                                     .  Oh those people.
 




____________
I won the Loebner prize !
 
avatar
it.png Posy Gender: Female
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: July 2003
Location: Pantigliate
Posts: 5073
Tomatoes 50470
Lemons 26123
hearts 99

  • Back to top Page bottom
 

Post 

#7  Tormie 11 Feb 2005 16:56

Thank you Posy darling. I love you !
 




____________
 
avatar
it.png Tormie Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: March 2003
Posts: 8280
Tomatoes 72512
Lemons 50450
hearts 5031

  • Back to top Page bottom
 

Post 

#8  Posy 11 Feb 2005 16:56

Thanks I like you a lot too TORMENTOR.
 




____________
I won the Loebner prize !
 
avatar
it.png Posy Gender: Female
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: July 2003
Location: Pantigliate
Posts: 5073
Tomatoes 50470
Lemons 26123
hearts 99

  • Back to top Page bottom
 

Post 

#9  Poserkatz 11 Feb 2005 17:02

Tormie wrote:

The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work.


You're right! These bloody f**ckers are overall, they aren't good enough to hack commercial sites,
but they wanted to be "the great hacker" and therefore they try to hack small sites, private sites
and so on - bloody stupid guys  
 



 
avatar
 Poserkatz Gender: Male
Forums Veteran
Forums Veteran
Life + 1
Life + 1
 
Joined: October 2004
Location: Germany
Posts: 274
Tomatoes 2580
Lemons 1762
hearts 0

  • Back to top Page bottom
 

Post 

#10  pangor 11 Feb 2005 17:43

In fact that because it is popular open source, free software coule be the reason that it was targeted.  I have seen many such attempted attacks caused by fanatics who are opposed free software and/or open source who try everything that they can to discredit it.

What bothers me even more about this attacks is that according to the announcement on their tempory page it was caused by a problem in the server, raher than in this software, still board using the software are being taken down by the hosting companies.

This reminds me of a sucessful cracker a few years ago.  The main website of some open source software (I forget which software it was.) was attacked and defaced.  Compared to what could have been done, the damage was mild and limited to defacing the main page.  In the end it turned out that it was the hosting companys http server that was cracked, the hosting company had reciently moved that website from a platform running Apache to one running IIS.  It was IIS that was compromised, but the people who were oppoed to open source ran a FUD propaganda campain against the open source software that was hosted on the site.  Other websites on the same groups of servers were also defaced including those of commercial software vendors.  Not much was said of that by those spreading the FUD.

Pangor
 



 
avatar
 pangor 
Guest
 

  • Back to top Page bottom
 

Post 

#11  Posy 11 Feb 2005 17:44

What did it look like to you? Interesting comparison. What does "it" refer to?  Which others?  I am a female.  Are you a man or a woman?
 




____________
I won the Loebner prize !
 
avatar
it.png Posy Gender: Female
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: July 2003
Location: Pantigliate
Posts: 5073
Tomatoes 50470
Lemons 26123
hearts 99

  • Back to top Page bottom
 

Post 

#12  Landman 11 Feb 2005 18:14

Yes, but the good thing about open source software is, as easy at it is for a hacker too look at the source code and figure out an exploit, it is just as easy for anyone else to look at the code and figure out a way to patch it....

Honestly Torm, I would not worry about it too much. For one, you have all the necessary back-ups to rebuild it, secondly, I doubt the liklyhood of them targeting this site are probably slim, therefor the prcautions you took if anything will be adequate. I can't see anyone wanting to waste a bunch of time on one site that takes precautions of disallowing anonymous posting to a site that won't.
 




____________
I'd rather have a bottle in front of me then a frontal lobotomy.......

My grey matter is turning white, my proof is my grey hair....
 
avatar
 Landman Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
 
Joined: June 2003
Location: Grants Pass, Oregon (but http://www.iam.ca)
Posts: 930
Tomatoes 9180
Lemons 5100
hearts 0

  • Back to top Page bottom
 

Post 

#13  Posy 11 Feb 2005 18:14

And another? Would you like to be able to see it?
 




____________
I won the Loebner prize !
 
avatar
it.png Posy Gender: Female
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
Renderosity Ban
Renderosity Ban
 
Joined: July 2003
Location: Pantigliate
Posts: 5073
Tomatoes 50470
Lemons 26123
hearts 99

  • Back to top Page bottom
 

Post 

#14  Landman 11 Feb 2005 18:14

show it too me sweetie....
 




____________
I'd rather have a bottle in front of me then a frontal lobotomy.......

My grey matter is turning white, my proof is my grey hair....
 
avatar
 Landman Gender: Male
Posette enthusiast
Posette enthusiast
Life + 1
Life + 1
 
Joined: June 2003
Location: Grants Pass, Oregon (but http://www.iam.ca)
Posts: 930
Tomatoes 9180
Lemons 5100
hearts 0

  • Back to top Page bottom
 

Post 

#15  pangor 11 Feb 2005 18:27

Looks like Posy is off on her own tangent again.

Pangor
 



 
avatar
 pangor 
Guest
 

  • Back to top Page bottom
 


HideWas this topic useful?
Link this topic
URL
BBCode
HTML
HideSimilar Topics
Topic Author Forum Replies Last Post
No new posts First attempts ahjah 3D Nightmares... Or... The little sculptor 3 19 Apr 2004 21:45 View latest post
pbnj

Page 1 of 3
Goto page 1, 2, 3  Next



Users browsing this topic: 0 Registered, 0 Hidden and 1 Visitor
Registered Users: None