Site got hacked

[otseng]

The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.

[k-nug]

Can we report him to his ISP?

Also, what can we do to make this board more secure? I can't afford to help too much, but I would consider a small monthly donation to upgrade the site. And thanks Otseng for being on the ball with the backup.

[Vladd44]

Should we be changing our passwords?

PHPBB (the forum otseng uses) saves passwords in encrypted(md5) form. If your password isnt only numbers, a single word or a common phrase your ok.

The problem with simple pws are, there is nothing to stop someone from md5 encrypting an entire dictionary. Then all he would need to do is compare the encrypted database passwords with his list. If he finds a match, then he could use it without you knowing.

However if he had database access it is a non factor bc he could add users or change pw to existing users etc.

[otseng]

Unfortunately, with the way phpBB (and the mods) are written, there will be a chance of vulnerabilities. I always strive to be up-to-date with the core phpBB software, so the site is relatively secure.

I've reported the hack to my hosting provider. I don't think my ISP would be willing to get involved.

In terms of accessing anyone's email or passwords, I don't think he got to any of that. He basically broke into my admin account and so my account was the only one compromised. I've since then changed the password and banned the entire 81.* and 82.* IPs.

[katiej49]

i received a threatening email from the hacker....evidently he got access to our email addys....

[otseng]

The IP block belongs to Ripe.

http://www.ripe.net/whois

I've reported the attack to:
abuse@btbroadband.com
and
http://netreport.virginmedia.com/netreport

[myth-one.com]

Update: Tried to donate my tokens to myth-one.com, from his profile, I got this msg.

Fatal error: Call to undefined function submit_post() in /home/dcr/public_html/forum/cash.php on line 244

When trying from my profile the link showed as http://debatingchristianity.com/forum/c ... =mpg&u=566 but clicking it reverted me back to index.php

----------------------------
Sorry Myth, I guess I won't be giving you tokens today. Remind me when it is fixed, and you can have whatever I have at that point.

It just gets stranger and stranger. I actually noticed that my token count jumped from 20 or so to over 800, so the token transfer must have occurred. Searched the site for an explanation but never found any.

It's working now, as I just successfully donated some to you.

Thank you Vladd44, it is your thought and consideration that makes me feel good, not the tokens. Man cannot live by tokens alone.

It is more blessed to give than to receive. (Acts 20:35)

I learned this years ago and it was a very pleasant experience: http://www.myth-one.com/chapter_23.htm

[otseng]

i received a threatening email from the hacker....evidently he got access to our email addys....

He sent the email from my account in the forum admin section. So in all likelihood he did not gather everyone's email addresses.

[mereatheism]

I got this message if it helps:

Date: Fri, 07 Sep 2007 19:47:56 -0400 [09/07/2007 07:47:56 PM EDT]
From: forum@debatingchristianity.com
To: forum@debatingchristianity.com
Subject: cyber-nigger pwnz you all
Headers: Show All Headers

lol

your info has been leaked

you can contact me @

cyber-nigg3r@hotmail.co.uk

----
Debating Christianity and Religion
http://DebatingChristianity.com

[siriusday]

This hacker emailed me so i think he does have personal information on users at your site. I have not used this site that much, nevertheless i do make it a habit not to add much personal information to forum sites.


Text of email sent:


lol

your info has been leaked

you can contact me @

cyber-nigg3r@hotmail.co.uk

----
Debating Christianity and Religion
http://DebatingChristianity.com

[Lainey]

Do you think it was an angry regular member? I didn't get any threatening emails (I did get the "Cyber-nigger pwns you all" one), but I'm curious as to how he/she screwed up the site.