homepage Welcome to WebmasterWorld Guest from 54.145.209.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
OpenBB been hacked - help needed
Words

5+ Year Member



 
Msg#: 9785 posted 6:21 pm on Sep 13, 2005 (gmt 0)

A friend running OpenBB 1.5 has had their message board hacked. I've been pointed in the direction of these boards for possible help.

Would really appreciate any pointers in getting it fixed. The board now reads: Hacked by Kinr (Russia).

Thanks!

 

rharri

10+ Year Member



 
Msg#: 9785 posted 7:23 pm on Sep 13, 2005 (gmt 0)

Words,
Welcome. The answer to your question can be pretty complex.

It would be very helpful to know how the system has been comprimised. Has the intruder gained root access (to the operating system) or has an OpenBB vulnerability been utilized (or both)? What was the exploit? Check the logs and search for descriptions of OpenBB exploits. In the meantime, your friend should take the machine off line. In the end, it will probably need to be scrubbed and everything installed from scratch (after you've found out what hole to plug).

Hope this helps you get started.

rharri

Words

5+ Year Member



 
Msg#: 9785 posted 7:28 pm on Sep 13, 2005 (gmt 0)

Thanks Rharri,

I'll point them to here in case they want to follow up on the details direct.

BlackRaven

10+ Year Member



 
Msg#: 9785 posted 1:26 am on Sep 14, 2005 (gmt 0)

there seems to be a recent SQL injuection exploit for OpenBB

Exploit PoC:
http://www.example.com/openbb/board.php?FID=[sql]
http://www.example.com/openbb/read.php?TID=[sql]
http://www.example.com/openbb/member.php?action=profile&UID=[sql]

physics

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 9785 posted 3:41 am on Sep 14, 2005 (gmt 0)

Try looking in a search engine for the term openbb. In the search I did 5 out of the top 10 results were about security problems. Seems like the fix might be to get another bb program.

Words

5+ Year Member



 
Msg#: 9785 posted 12:29 pm on Sep 15, 2005 (gmt 0)

Thanks for the pointers. The problem is now fixed (the person running the server kept a backup), but useful info in case it happens again.

I agree by the way that they should look to installing a better board in the long run.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved