phpBB2 by Przemo

[riverkqj]

Hi ive just up dated by forum from 1.8 to 1.12.5 after finding a hacking program on my server !

The problem is at times over the last couple of days its been really slow ?
the rest of the site is working perfectly so whats wrong with the forum?

www.tottenhamhotspurs.tv/forum/

[Gadatliwa Kasia]

[DarksterV2]

Try optimizing the database?

[riverkqj]

Hi darkster

Yep ive tried that and no change bit at this all night and all day

[ Added: 22-01-2007, 19:13 ]
Ive just looked again at the optimize database and there is one that says not ok all the time

phpbb_sessions 14 HEAP 32.5 Kb No OK


Thats all it says ?

Ive tried optimizing it but it doesn't do it

[azwel]

riverkqj, it's typical I would say. I have the same, don't bother. You can do a backup of the table structure, delete it and restore it using the backup but the error will come again.

[riverkqj]

Oh well if its normal ill leave it , but have you any idea why my forum is so slow ?

[ Added: 23-01-2007, 20:52 ]
Ok just thought id let you all know i sorted the problem ,

Ive now just change my SQL server to a new one and its working much better now

[JA$ON]

enable gzip compression in admin panel and your forum will speed up

[riverkqj]

Hi jason this post is an old one sorry, but just for the info it was because my forum was in the process of being hacked and i caught them in the act... My own fault though as i was still running 1.8

[JA$ON]

someone tried to hack you? why is the new version not as vulnerable as the old one? whats the difference in safety? i would really like to know now.. that story is scary..

[riverkqj]

Yeah the 1.8 version had a security risk in it, i avoided upgrading due to a template issue and nearly got screwed the only way i found it was because the forum was so slow, i decided to back every thing up ! when i was doing this there was one file that wouldnt backup !

So i typed the file address into the browser to find a hackers backend controller... Hmm The controller had its own uninstaller so i did that, then updated to the newest release. created a new SQL and everything was fine again...

Lucky escape i think

Here is a screen shot of the hackers back end

[JA$ON]

pretty smart, you kind of hacked the hacker
but why wouldnt a hacker still be abled to upload that file on a server that runs the new version of przemos phpbb?

[riverkqj]

Hackers can only hack if they can get their exploit into the system ,which requires a floor or hole in the security which 1.8 had, the new one might have too just that no one's found it yet lol ....Same with any database run site..

I think that sums it up "ish"

The same hacker was doing it to Wordpress blogs too..

Im pritty sure that there is some info on the 1.8 issues somewhere on this site but i cant find it...

The first thing that made me suspicious was when i kept seeing "COPYRIGHT FOOTER 1.8 PRZEMO" in my stats under search engine referrals knew someone was looking for something then , that was about two days before i found the hack..

[JA$ON]

i wanna know how that sh** works, so i just downloaded the programm (c99shell) that hacked you.
found a download link at rapidshare here.

[riverkqj]

Yeah ive had a play with it too. if you can remember the copyright note of the 1.8 you can search google for all the people that are still on it

[ Added: 19-02-2007, 02:16 ]
This is what they did

Cytat:

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

[JA$ON]

i would never hack someone cuz i dont want that to happen to me either.
but i dont understand how that program is supposed to work. did you just upload it and open it with your browser? im kind of scared of uploading that on my server..

[Gadatliwa Kasia]

[riverkqj]

HELL NO i wouldnt try i found it how mine was here

http://www.duoc0409.net/