Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: rogerd
I did a quick search and it seams ghost61 has taken down a few forums including phpbb etc.
Now I don't know if this is a personal attack or just a robot searching the net, probably the latter.
In the last 5 years spent running and developing websites this has never happend to me before.
Could anyone with experience with ghost61 or tracking these "hackers" give me any advice on finding out how they managed to do it.
They'll find you through a google search either searching for text in the page, the URL etc. If for example phpbb3.0 had a vulnerability and its a bot crawling a quick look at the meta tags would tell it if the forum was updated or not as they were changed in the last update.
I had a mod on a phpbb2 forum that had one vulnerable file, I was on the authors personal mailing list for updates. Shortly after receiving notification and updating the file it suddenly became a very popular file. My logs showed a huge surge in hits for that file and the search string for the specific URL to confirm the file was present.
I did have one situation where the attack came via a vulnerability in the host's server. After two defacements, I changed hosts.