You are not logged in.

#1 2005-05-20 21:57:18

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

UCB Forums have been 'hacked'

http://user-contributions.org/forums/userproject/

some sorry bastard has too much time on his hands.

http://www.google.com.au/search?q=Garzt … S:official
http://www.zone-h.org/en/defacements/fi … er=Garzt3/

googling shows that the sorry script kiddie has a fetish for phpbb's and needs to get a life......

Offline

#2 2005-05-20 22:16:01

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: UCB Forums have been 'hacked'

Better him than someone installing a proxy or doing other really nasty stuff it seems...

Offline

#3 2005-05-20 22:42:45

shadowhand
Member
From: MN, USA
Registered: 2004-02-19
Posts: 1,142
Website

Re: UCB Forums have been 'hacked'

Bummer. Maybe it's time to use something other than phpBB, like Simpleboard or ... well, I dunno what the other options are.


·¬»· i am shadowhand, powered by webfaction

Offline

#4 2005-05-20 23:40:13

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: UCB Forums have been 'hacked'

Humerous picture of Allastair Cookie. Small consolation I would imagine...

I wonder what version of phpbb usercb was running..

Anyway, I am testing out punBB. It is damn fast, but a bit light on the features side. Works fine for my needs, but might not for the arch community. Damn fast though...damn fast. (prespawn php-fcgi with eaccelerator helps too.).

Did I mention fast?

EDIT: Yikes. Looks like all of usercb pages are fooked. Wonder if it was a phpbb vuln, or something else (I would still bet on phpbb being the hole).


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#5 2005-05-21 01:43:32

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: UCB Forums have been 'hacked'

if you look at the google i did on the dude, 90% of his targets have been phpbb's.

either way, not *everything* is buggered.

http://user-contributions.org/forums/us … d=newposts

i can still search new posts, cant view them though. looks like its just the index page.

Offline

#6 2005-05-21 03:33:57

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: UCB Forums have been 'hacked'

yay, seems like it's back up big_smile

Offline

#7 2005-05-21 04:11:57

dtw
Forum Fellow
From: UK
Registered: 2004-08-03
Posts: 4,439
Website

Re: UCB Forums have been 'hacked'

ah - backups - you can get far if you keep 'em smile

Offline

#8 2005-05-21 04:42:59

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: UCB Forums have been 'hacked'

wiki is down tho sad

Offline

#9 2005-05-21 10:21:26

rasat
Forum Fellow
From: Finland, working in Romania
Registered: 2002-12-27
Posts: 2,293
Website

Re: UCB Forums have been 'hacked'

My host's hosting usercb, server got hacked. All index.php and index.html were changed. They say the problem was with a phpbb vulnerability. As it was the hacker was only able to modify the website files and not anything else on the servers.

Its fixed now.


Markku

Offline

#10 2005-05-21 10:55:04

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: UCB Forums have been 'hacked'

yay fixed big_smile

Offline

#11 2005-05-21 17:57:15

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: UCB Forums have been 'hacked'

You know, I think phpBB forums need some sort of defence against script kiddies... Some way to find who the hack came from and send something nasty their way. For Windows, I'm thinking c:auxaux on startup...

Offline

#12 2005-05-21 18:47:32

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: UCB Forums have been 'hacked'

The thing is that if some stupid script kiddy can already hack you, you're doing something wrong. Be glad he didn't do any real damage, and start fixing the security before a malicious cracker chooses your server.

Offline

#13 2005-05-21 19:12:27

rasat
Forum Fellow
From: Finland, working in Romania
Registered: 2002-12-27
Posts: 2,293
Website

Re: UCB Forums have been 'hacked'

Same I told to my host:
> Luckily it was a "harmless" hacker just proving he/she is able to hack.
> He/she could have deleted everything.

Fortunately I have a copy of all installed php web systems e.g. phpBB and PostNuke, in my local and could easily replace the hacked index files. They were many, it became a full day job.
The good side, got an opportunity to remove lot of old stuff. And a first hand experience in the importance of security. smile


Markku

Offline

Board footer

Powered by FluxBB