Site got hacked
Moderator: Moderators
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Site got hacked
Post #1The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.
Last edited by otseng on Thu Sep 20, 2007 4:25 pm, edited 1 time in total.
- k-nug
- Site Supporter
- Posts: 228
- Joined: Tue Feb 24, 2004 12:38 am
- Location: Panama City Beach, Florida
- Contact:
Post #41
Can we report him to his ISP?
Also, what can we do to make this board more secure? I can't afford to help too much, but I would consider a small monthly donation to upgrade the site. And thanks Otseng for being on the ball with the backup.
Also, what can we do to make this board more secure? I can't afford to help too much, but I would consider a small monthly donation to upgrade the site. And thanks Otseng for being on the ball with the backup.
My version of Genesis.
At first there was symmetry. Then something broke.
At first there was symmetry. Then something broke.
- Vladd44
- Sage
- Posts: 571
- Joined: Mon Jan 03, 2005 10:58 am
- Location: Climbing out of your Moms bedroom window.
- Contact:
Post #42
PHPBB (the forum otseng uses) saves passwords in encrypted(md5) form. If your password isnt only numbers, a single word or a common phrase your ok.Furrowed Brow wrote:Should we be changing our passwords?
The problem with simple pws are, there is nothing to stop someone from md5 encrypting an entire dictionary. Then all he would need to do is compare the encrypted database passwords with his list. If he finds a match, then he could use it without you knowing.
However if he had database access it is a non factor bc he could add users or change pw to existing users etc.
When I was a child, I spake as a child, I understood as a child, I thought as a child: but when I became a man, I put away childish things.[GOD] ‑ 1 Cor 13:11
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Post #43
Unfortunately, with the way phpBB (and the mods) are written, there will be a chance of vulnerabilities. I always strive to be up-to-date with the core phpBB software, so the site is relatively secure.
I've reported the hack to my hosting provider. I don't think my ISP would be willing to get involved.
In terms of accessing anyone's email or passwords, I don't think he got to any of that. He basically broke into my admin account and so my account was the only one compromised. I've since then changed the password and banned the entire 81.* and 82.* IPs.
I've reported the hack to my hosting provider. I don't think my ISP would be willing to get involved.
In terms of accessing anyone's email or passwords, I don't think he got to any of that. He basically broke into my admin account and so my account was the only one compromised. I've since then changed the password and banned the entire 81.* and 82.* IPs.
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Post #45
The IP block belongs to Ripe.
http://www.ripe.net/whois
I've reported the attack to:
abuse@btbroadband.com
and
http://netreport.virginmedia.com/netreport
http://www.ripe.net/whois
I've reported the attack to:
abuse@btbroadband.com
and
http://netreport.virginmedia.com/netreport
-
- Savant
- Posts: 7140
- Joined: Wed Aug 09, 2006 4:16 pm
- Has thanked: 31 times
- Been thanked: 87 times
- Contact:
Post #46
It just gets stranger and stranger. I actually noticed that my token count jumped from 20 or so to over 800, so the token transfer must have occurred. Searched the site for an explanation but never found any.Vladd44 wrote:Update: Tried to donate my tokens to myth-one.com, from his profile, I got this msg.
Fatal error: Call to undefined function submit_post() in /home/dcr/public_html/forum/cash.php on line 244
When trying from my profile the link showed as http://debatingchristianity.com/forum/c ... =mpg&u=566 but clicking it reverted me back to index.php
----------------------------
Sorry Myth, I guess I won't be giving you tokens today. Remind me when it is fixed, and you can have whatever I have at that point.
It's working now, as I just successfully donated some to you.
Thank you Vladd44, it is your thought and consideration that makes me feel good, not the tokens. Man cannot live by tokens alone.
I learned this years ago and it was a very pleasant experience: http://www.myth-one.com/chapter_23.htmIt is more blessed to give than to receive. (Acts 20:35)
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Post #47
He sent the email from my account in the forum admin section. So in all likelihood he did not gather everyone's email addresses.katiej49 wrote:i received a threatening email from the hacker....evidently he got access to our email addys....
-
- Student
- Posts: 25
- Joined: Fri Jan 19, 2007 12:21 am
- Contact:
Post #48
I got this message if it helps:
Date: Fri, 07 Sep 2007 19:47:56 -0400 [09/07/2007 07:47:56 PM EDT]
From: forum@debatingchristianity.com
To: forum@debatingchristianity.com
Subject: cyber-nigger pwnz you all
Headers: Show All Headers
lol
your info has been leaked
you can contact me @
cyber-nigg3r@hotmail.co.uk
----
Debating Christianity and Religion
http://DebatingChristianity.com
Hacker emailed me
Post #49This hacker emailed me so i think he does have personal information on users at your site. I have not used this site that much, nevertheless i do make it a habit not to add much personal information to forum sites.
Text of email sent:
lol
your info has been leaked
you can contact me @
cyber-nigg3r@hotmail.co.uk
----
Debating Christianity and Religion
http://DebatingChristianity.com
Text of email sent:
lol
your info has been leaked
you can contact me @
cyber-nigg3r@hotmail.co.uk
----
Debating Christianity and Religion
http://DebatingChristianity.com
Do you think...
Post #50Do you think it was an angry regular member? I didn't get any threatening emails (I did get the "Cyber-nigger pwns you all" one), but I'm curious as to how he/she screwed up the site.
Last edited by Lainey on Sat Sep 08, 2007 12:51 pm, edited 1 time in total.