on 2.0.11. Still hacked? What is the problem?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
huiben
Registered User
Posts: 6
Joined: Mon Feb 07, 2005 7:00 pm

on 2.0.11. Still hacked? What is the problem?

Post by huiben »

I already upgraded to 2.0.11 as advised. But my site is still exploited according to my ISP's records. They say a hacker can run 'back' and 'passwd' via my insecure site.

Is there any solution to that? What exactly is the bug? How do I track the problem down?

My ISP keeps bugging me and I don't know how to react. Please help.

The ISP sent me this:


-rw-r--r-- 1 myaccount myaccount 1082 Feb 8 01ᚨ back

Fri Feb 8 01ᚲᚩ 2005 user myaccount pid 8827 passwd

Infected
Registered User
Posts: 4
Joined: Tue Jan 04, 2005 12:34 am
Contact:

Re: on 2.0.11. Still hacked? What is the problem?

Post by Infected »

Tell your ISP you don't know what that means. They'll help you.

huiben
Registered User
Posts: 6
Joined: Mon Feb 07, 2005 7:00 pm

Re: on 2.0.11. Still hacked? What is the problem?

Post by huiben »

They cannot tell me what it means. I think they just have a batch process that scans for potential exploits, and when they get a positive hit, they just email me and say my site is a problem and warn me to shut my site down.

Is there any additional patch I can install? Is there anything I need to do manually to fix it? I can do some PHP programming if the right instructions are given.

ben

Mr.Jester
Registered User
Posts: 25
Joined: Sun Sep 12, 2004 9:28 pm

Re: on 2.0.11. Still hacked? What is the problem?

Post by Mr.Jester »

Those permissions have nothing to do with phpBB. Those are file system related. Notice the -rw-r--r--. Looks to me like the account "myaccount" is the problem.

Joe User
Registered User
Posts: 32
Joined: Mon Sep 13, 2004 10:10 am
Location: Germany
Contact:

Re: on 2.0.11. Still hacked? What is the problem?

Post by Joe User »

If you chmod any folder to 777, then it's your problem. Else your ISP has to harden their systems...

„If there’s more than one possible outcome of a job or task,
and one of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

huiben
Registered User
Posts: 6
Joined: Mon Feb 07, 2005 7:00 pm

Re: on 2.0.11. Still hacked? What is the problem?

Post by huiben »

'myaccount' is actually my account ID at the ISP. I just replaced it with 'myaccount'.
So if 'myaccount' is a problem, then it is my problem. But what is the problem? Is there a bug in my phpBB or phpnuke? Is there any patch that I can apply?

My ISP says 'back' and 'passwd' are typical indications of a security exploit, and they think it is because of my insecure website that allows hackers to run those malicious scripts.

(Note: I already have chatserv patch)

thanks
ben
Mr.Jester wrote: Those permissions have nothing to do with phpBB. Those are file system related. Notice the -rw-r--r--. Looks to me like the account "myaccount" is the problem.

Graham
Registered User
Posts: 1304
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Re: on 2.0.11. Still hacked? What is the problem?

Post by Graham »

OK, if you are definitely running 2.0.11 then there are no known security issues with it.

What you should do, however, is make sure that you indeed have 2.0.11 - compare your key files (e.g. viewtopic.php) with those from a clean download. Most claims to be hacked on 2.0.11 are from either not upgrading correctly, or are files that date from before you upgraded - in which case you need to take a good look at your site for any backdoors.
"So Long, and Thanks for All the Fish"

Graham
Eeek, a blog!
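
The check Graham describes, as an added example that is not part of the original thread: hash every file of the installed tree against a clean download (full contents, not only the version header) and flag files that differ, files the release does not ship, and files whose modification time predates the upgrade. The directory paths, the `upgraded_at` timestamp and every sample file name except viewtopic.php are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def index_tree(root):
    """Map each file path relative to root -> (sha256 hex digest, mtime)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = (digest, os.path.getmtime(full))
    return out


def audit(installed_root, clean_root, upgraded_at):
    inst, clean = index_tree(installed_root), index_tree(clean_root)
    report = {"modified": [], "unexpected": [], "missing": [], "predates_upgrade": []}
    for rel, (digest, mtime) in sorted(inst.items()):
        if rel not in clean:
            report["unexpected"].append(rel)        # not shipped by the release
        elif digest != clean[rel][0]:
            report["modified"].append(rel)          # differs from the clean copy
        if mtime < upgraded_at:
            report["predates_upgrade"].append(rel)  # upgrade did not replace it
    report["missing"] = sorted(set(clean) - set(inst))
    return report


def demo():
    """Constructed sample trees; every file name except viewtopic.php is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            root.mkdir()
            (root / "viewtopic.php").write_bytes(b"<?php // release copy\n")
            (root / "index.php").write_bytes(b"<?php // release copy\n")
        (site / "index.php").write_bytes(b"<?php // release copy\n// altered\n")
        (site / "old_admin.php").write_bytes(b"<?php // leftover\n")
        os.utime(site / "old_admin.php", (1000, 1000))  # pretend it is old
        return audit(site, clean, upgraded_at=2000)


if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever wrote a file, so treat the `predates_upgrade` list as a hint and the hash comparison as the evidence.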

Mr.Jester
Registered User
Posts: 25
Joined: Sun Sep 12, 2004 9:28 pm

Re: on 2.0.11. Still hacked? What is the problem?

Post by Mr.Jester »

In the *nix world, passwd is used to change your password. Maybe you have a weak password.

The back thing I have no idea about, and this is one of those times that Google can't help.

huiben
Registered User
Posts: 6
Joined: Mon Feb 07, 2005 7:00 pm

Re: on 2.0.11. Still hacked? What is the problem?

Post by huiben »

Since I am using phpnuke, it is not easy to tell. What I did was to install phpnuke 7.5, then install BBToNuke 2.0.11. When I compare viewtopic.php, I see that this line is the same between BBToNuke 2.0.11 and a clean phpBB 2.0.11:

* $Id: viewtopic.php,v 1.186.2.37 2004/11/18 17:49:39 acydburn Exp $

I also see that BBToNuke has been patched by chatserv, for I can see his signature.

There could be some old-version PHP files that were left behind. If this could be a problem, how do I spot the backdoor? Is there any code pattern that I can search for?

thanks
ben
Graham wrote: OK, if you are definitely running 2.0.11 then there are no known security issues with it.

What you should do, however, is make sure that you indeed have 2.0.11 - compare your key files (e.g. viewtopic.php) with those from a clean download. Most claims to be hacked on 2.0.11 are from either not upgrading correctly, or are files that date from before you upgraded - in which case you need to take a good look at your site for any backdoors.

kjcdude
Registered User
Posts: 11
Joined: Tue Dec 28, 2004 3:37 am
Location: Southern California
Contact:

Re: on 2.0.11. Still hacked? What is the problem?

Post by kjcdude »

I HIGHLY doubt this is a bug in phpBB.

It's most likely PHP-Nuke.
There are SOOOOOOOOOO many security holes in NUKE that there is no way to guarantee your site is safe.
