homepage Welcome to WebmasterWorld Guest from 54.146.190.193
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
My Invision Power Board v 1.3 was Hacked!
IPB Forums were vandalized, and destroyed.
FTFlash

5+ Year Member



 
Msg#: 785 posted 6:58 am on Mar 14, 2006 (gmt 0)

Today, I was shocked when I did a routine visit to one of my smaller forums. The entire layout was vandalized and destoryed! In huge red font were the words "Hacked by ThiS TuRKiSH HacKiNG SeCuRiTy TeaM".

Who exactly is this hacking team? ...well they left their names, too. "HacKed By EL_MuHaMMeD & EsKoBaR & CyBeRWoLF & C-W-M & _HacKAteS_ & Poizonb0x & XYU & M.H.G USeRs".

All the topics, and subforums appear to be innaccessible and are defaced. The damage to the MySQL database appears to be minimal, though, as only 4 rows contain the words "Hacked by...". But, I can't be sure about what the hackers have done to the database and what information they might have about my forum and my passwords. I can't just fix the defacement and leave the forums as is because someone else is likely to come along and do the same thing again.

After searching around for a bit, it turns out that version 1.3 of Invision Power Board is vulnerable to an SQL injection exploit. Upgrading to a newer version of Invision Power Board is out of the question because the forum is not that large and an IPB license is rather expensive. IPB v 1.3 is the last free version of the forum software, if I'm not mistaken.

I've taken the forums down, and I'm considering transferring everything over to phpBB2. Is phpBB2 more secure? How difficult would it be to transfer exisiting members (~100) and posts (~7000) over to the new forum software?

Also, do you think that the hackers could have gotten information like MySQL passwords, user passwords, or sensitive server information?

Any help/suggestions would be appreciated!

BTW: It turns out that I'm not the only one who has been affected by this exploit (searched Google).

[edited by: rogerd at 8:30 pm (utc) on Mar. 15, 2006]
[edit reason] no specifics or URLs, please [/edit]

 

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 785 posted 8:33 pm on Mar 15, 2006 (gmt 0)

Was your software completely up to date? phpBB has had some major hack attacks, too, but admins who kept on top of patches didn't have a problem.

Just about every major script has vulnerabilities turn up - the only solution is to keep checking for updates. If the forum software has a mailing list for important announcements, be sure you are on it.

Of course, it's remotely possible there was some other vulnerability that let the hackers in. If the other sites you found were also Invision, though, it was probably a hack directed at that software.

Oldiesmann

10+ Year Member



 
Msg#: 785 posted 9:13 pm on Mar 17, 2006 (gmt 0)

There is a converter to go from IPB 1.x to phpBB. If you want to convert to phpBB, I recommend doing a test conversion first - make a backup of the database and import it onto a new database. Install phpBB on this new database as well and convert from there. That way if something goes wrong during conversion or you decide that you'd rather look at your other options first, then you won't lose anything.

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 785 posted 8:06 pm on Mar 18, 2006 (gmt 0)

I wouldn't assume that phpBB is inherently more secure than Invision. They have had quite a few security updates in the last year. People who stayed up to date managed to avoid defacement and damage from hackers.

FTFlash

5+ Year Member



 
Msg#: 785 posted 2:43 am on Mar 22, 2006 (gmt 0)

I understand that phpBB is not flawless (what application is?), but I'd rather risk phpBB's frequent security updates than be stuck with the same stale version of Invision Power Board.

I have already converted everything over to phpBB and I am liking the new system.

Thanks for the suggestions though.

jatar_k

WebmasterWorld Administrator jatar_k us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 785 posted 2:59 am on Mar 22, 2006 (gmt 0)

>> but I'd rather risk phpBB's frequent security updates than be stuck with the same stale version of Invision Power Board

bad plan, phpbb's easiest hack has never been fixed, how's that for secure?

at any rate

if the db only has 4 rows messed with then it may be a somewhat standard hack. A lot of these hacks just mess around with parts of the templates.

My wild guess is that it isn't half as bad as you think. The db is the core for most forum software so you need to look at exactly what rows in what tables have been changed. Then see how those rows are used and where. That is the key to finding out what happened and what needs to be changed back.

>> do you think that the hackers could have gotten information like MySQL passwords, user passwords, or sensitive server information?

nope, most of these are just injection attacks, foolish and simple. It really makes the site look terrible but as far as actual server hacking, most of these jokers are just script kiddies, nothing more.

I have run at more than a couple of them head to head. If I am actually logged into the server I can kill them and ban them as fast as they can switch ips. The moment I can figure where the problem is the door can be closed quickly and they can't do much about it. Real hackers either don't leave footprints or the whole thing goes up in smoke so fast you don't have time to figure out something happened.

FTFlash

5+ Year Member



 
Msg#: 785 posted 6:03 am on Mar 23, 2006 (gmt 0)

bad plan, phpbb's easiest hack has never been fixed, how's that for secure?

What hack is that? I'd like to take a look, if you have a link. Sticky me?

if the db only has 4 rows messed with then it may be a somewhat standard hack. A lot of these hacks just mess around with parts of the templates.

That's exactly what happened. The 3 tables that contained the code to display the various forum names was replaced with "Hacked by...". And the last table was for the overall template, and they just inserted some CSS, a few pictures, and, of course, some nice music. ;)

That is the key to finding out what happened and what needs to be changed back.

nope, most of these are just injection attacks, foolish and simple. It really makes the site look terrible but as far as actual server hacking, most of these jokers are just script kiddies, nothing more.


I had fixed the 4 tables within minutes of finding them changed. However, I transferred the forum over to phpBB because if some script kiddie was able to perform an SQL injection, then IPB v1.3 probably has other fatal flaws that haven't been addressed - and never will be.

jatar_k

WebmasterWorld Administrator jatar_k us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 785 posted 5:21 pm on Mar 23, 2006 (gmt 0)

>> phpbb's easiest hack

the highlight function

get rid of it all together, it shouldn't be used at all. You can change it so it doesn't add it to links. Then you can also just nuke it all together in common.php (or whatever it is called)

there are so many hacks for the highlight param it is ridiculous

galea_unu

10+ Year Member



 
Msg#: 785 posted 8:04 pm on Apr 20, 2006 (gmt 0)

yeah! they r turkish

[edited by: rogerd at 12:32 am (utc) on April 24, 2006]
[edit reason] No specifics or URLs, please. [/edit]

Lyndsay

5+ Year Member



 
Msg#: 785 posted 8:11 pm on Apr 20, 2006 (gmt 0)

One of my phpBB boards was hacked today too... wasn't much going on, and it was constantly spammed so I'll probably just take it down all together.

FTFlash

5+ Year Member



 
Msg#: 785 posted 9:25 pm on Apr 23, 2006 (gmt 0)

Well, I wish I knew about that upgrade before I moved over to phpBB. Oh well. :(

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved