Forum Moderators: rogerd

My PHPBB forum was hacked today

boytheo

12:25 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



Today, my website forum was hacked. I don't know who did it, but I have their IP and I resolved it to a site. I've contacted my web host technical support and their abuse email about this.

They totally trashed the place. Replaced custom user titles with swearing insults, deleted most of the posts there, replaced people's signatures with insults, posted a lot of vile swearing abusive posts there... Just defaced the place.

Now that I've taken care of immediate matters by shutting the forum down temporarily, I need to look to the future.

My question is what can I do to stop this happening again?

I should say that I was using an OLD version of PHPBB. It was 2.0.2 or something ridiculous like that. I am running my website via myhost.com. myhost.com don't give their users shell access. FTP access is the closest you'll get to that (and that's a million miles away).

myhost DO give you CGIs, Perl, PHP, and a whole load of other nice stuff. But they DON'T give you shell access :(

The forum was old, because I just used myhost's installer to install it. myhost only have old versions of PHPBB to install via their default installer. The latest version of their forum is currently 2.0.11. They say that "upgrading to the latest version is your responsibility". Which is true, but that's not the image their marketing give of being able to do everything from a user-friendly control panel. Some time ago (before it was ever hacked) I asked them about security, and they told me that my forum was secure.

I have a feeling they are just saying whatever will get me off their back.

And I'm not sure how to install PHPBB without shell access.

So what can I do? I've got PHPBB 2.0.11 right now.

I want to restore all of my old posts and the old forum settings. I have a backup, but I don't want to spend effort backing stuff up into a forum that's only going to be hacked again.

Can I use a different forum software? And can I install it without shell access?

Should I just move to an off-site web forum? Like EZforums? Is it possible to move my old PHPBB posts over to EZforums using some kind of script?

Basically what I want is this:

1) Security
2) Everyone's old accounts and posts.

Anything that will give me this, I will take!

Any advice anyone? Thanks :)

[edited by: jatar_k at 3:43 pm (utc) on Aug. 14, 2005]
[edit reason] removed all specifics [/edit]

zeus

12:43 pm on Aug 14, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Update your phpBB, that's the most important. Then buy a baseball bat and take a flight to Holland and tell them what you think about their action :)

boytheo

1:51 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



As a web master and person running a professional programming service, I don't really think I can take that option. Not that I wouldn't like it. :o)

boytheo

2:28 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



Also...

What about legal action? This really isn't right what he's done.

The perpetrator is living in Holland, apparently. I live in the UK.

I don't know anything about legal issues here.

Note: Here are my system stats:

Perl 5.8.1
PHP 4.3.10
MySQL 4.0.22-standard

[edited by: boytheo at 2:47 pm (utc) on Aug. 14, 2005]

zeus

2:46 pm on Aug 14, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How about talking with the police? They have an IT department. And try to contact your host to see if they have any suggestions; powerweb has a lot of years on their back.

Matti

2:50 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



You don't need shell access to install or update phpBB. Just unzip the phpBB package on your computer and make the necessary changes to config.php, which contains the MySQL information. Upload the newly created folder from your computer to your web host, overwriting the old forum files. That's about everything you have to do if you are running a non-modified version of phpBB.

JJao

2:55 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



I wouldn't recommend posting other people's IP addresses here. If you traced the offending IP address down I bet it's from some poor (clueless) sod with a cable/DSL connection and a Windows98 box. Kiddies molesting other people's sites don't use their own IP addresses.

Just a thought. I do feel sorry for you, and am as much against this kind of vandalism as the next guy.

encyclo

2:57 pm on Aug 14, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to the forums, boytheo.

Firstly, forget about pursuing the offender - they are almost certainly just using an anonymous proxy via that IP address. The police aren't interested unless you've lost millions. It's tough, but you'll be wasting your time. Concentrate your efforts on what you can do.

Secondly, don't blame the hosting company completely. They have a certain responsibility in not having the latest phpBB version in their control panel, but you are the one responsible for updating your script.

Basically what I want is this:

1) Security
2) Everyone's old accounts and posts.

I'll take the second question first: go back to your last known good backup. You did make regular database backups from the phpBB admin control panel, didn't you? If not, your host may have a backup, but they may well charge you for restoring it for you.

On to your first question. Start by password-protecting the folder temporarily while you work on it. After that, get the latest version of phpBB from [phpbb.com...] - the latest at the time of writing is 2.0.17 - the 2.0.11 is not sufficient and there have been several security fixes since then. Whilst you're on the phpBB site, sign up to their notification newsletter so you will be informed for each update.

You don't need shell access to install phpBB at all - FTP is fine. Replace all the files with the new versions from your downloaded version except for "config.php" (keep your old one), run the update script (see the instructions in the package). You should see it working once you have restored the database.

You will need to change the database password in your hosting company's control panel, then download and hand-edit the "config.php" file in Notepad. After that, you need to change your phpBB admin password, then your hosting/FTP password. Any other admins must change their passwords too, and if you are running any other scripts on the server, change all those passwords too. Finally, delete and re-upload all other non-phpBB files in your hosting space from known good backups - those may have been changed too. Really, everything down to static files and images. Personally, I would move to a different host or at least a different server, as you don't really know how far the hackers got into the system.

That's a quick overview of how to get back to something working. Good luck!

boytheo

4:56 pm on Aug 14, 2005 (gmt 0)

10+ Year Member



Thanks for the replies everyone. The one about legal action being a waste of time is taken.

I suppose being successful is often the best revenge :) The hacker's ego needs to take people down, but he isn't going to get that.

I checked my FTP file modified dates. Only the forum was modified in the last month. (I haven't uploaded anything to my website for a while as I've been working on a different job!)

So I'm pretty certain this person only got to my forum.

Thanks everyone (particularly encyclo) for the advice. I should be able to get my forum back up and running soon with this.
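
Added example, not part of the original thread: the thread mentions both checking FTP modified dates and re-uploading from known good backups. Modification times can be reset by whoever changed a file, so this sketch compares file contents by SHA-256 between a known good backup and a copy of the site downloaded over FTP. The function names, directory layout and sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(known_good, downloaded, hand_edited=("config.php",)):
    """Sort content differences; hand_edited files are expected to differ."""
    good, live = hash_tree(known_good), hash_tree(downloaded)
    report = {"changed": [], "added": [], "missing": [], "hand_edited": []}
    for rel in sorted(set(good) | set(live)):
        if rel not in good:
            report["added"].append(rel)  # not in the backup at all
        elif rel not in live:
            report["missing"].append(rel)
        elif good[rel] != live[rel]:
            # config.php legitimately changes (new DB password); still read it.
            expected = os.path.basename(rel) in hand_edited
            report["hand_edited" if expected else "changed"].append(rel)
    return report


def write_file(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


if __name__ == "__main__":
    # Constructed sample data standing in for the backup and an FTP download.
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as live:
        for root in (good, live):
            write_file(root, "index.html", b"<h1>home</h1>")
        write_file(live, "index.html", b"<h1>home</h1><!-- altered -->")
        write_file(live, "images/extra.php", b"<?php /* unknown */ ?>")
        os.utime(os.path.join(live, "index.html"), (0, 0))  # old date, new content
        print(compare_trees(good, live))
```

Anything under "changed" or "added" is a candidate for the delete-and-re-upload step; the altered `index.html` is reported even though its modified date was set far in the past.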