My Invision Power Board v 1.3 was Hacked! - Community Building and User Generated Content forum at WebmasterWorld - WebmasterWorld

Forum Moderators: rogerd

Message Too Old, No Replies

My Invision Power Board v 1.3 was Hacked!

IPB Forums were vandalized, and destroyed.

FTFlash

6:58 am on Mar 14, 2006 (gmt 0)

10+ Year Member

Today, I was shocked when I did a routine visit to one of my smaller forums. The entire layout was vandalized and destoryed! In huge red font were the words "Hacked by ThiS TuRKiSH HacKiNG SeCuRiTy TeaM".

Who exactly is this hacking team? ...well they left their names, too. "HacKed By EL_MuHaMMeD & EsKoBaR & CyBeRWoLF & C-W-M & _HacKAteS_ & Poizonb0x & XYU & M.H.G USeRs".

All the topics, and subforums appear to be innaccessible and are defaced. The damage to the MySQL database appears to be minimal, though, as only 4 rows contain the words "Hacked by...". But, I can't be sure about what the hackers have done to the database and what information they might have about my forum and my passwords. I can't just fix the defacement and leave the forums as is because someone else is likely to come along and do the same thing again.

After searching around for a bit, it turns out that version 1.3 of Invision Power Board is vulnerable to an SQL injection exploit. Upgrading to a newer version of Invision Power Board is out of the question because the forum is not that large and an IPB license is rather expensive. IPB v 1.3 is the last free version of the forum software, if I'm not mistaken.

I've taken the forums down, and I'm considering transferring everything over to phpBB2. Is phpBB2 more secure? How difficult would it be to transfer exisiting members (~100) and posts (~7000) over to the new forum software?

Also, do you think that the hackers could have gotten information like MySQL passwords, user passwords, or sensitive server information?

Any help/suggestions would be appreciated!

BTW: It turns out that I'm not the only one who has been affected by this exploit (searched Google).

[edited by: rogerd at 8:30 pm (utc) on Mar. 15, 2006]
[edit reason] no specifics or URLs, please [/edit]

rogerd

8:33 pm on Mar 15, 2006 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Was your software completely up to date? phpBB has had some major hack attacks, too, but admins who kept on top of patches didn't have a problem.

Just about every major script has vulnerabilities turn up - the only solution is to keep checking for updates. If the forum software has a mailing list for important announcements, be sure you are on it.

Of course, it's remotely possible there was some other vulnerability that let the hackers in. If the other sites you found were also Invision, though, it was probably a hack directed at that software.

Oldiesmann

9:13 pm on Mar 17, 2006 (gmt 0)

10+ Year Member

There is a converter to go from IPB 1.x to phpBB. If you want to convert to phpBB, I recommend doing a test conversion first - make a backup of the database and import it onto a new database. Install phpBB on this new database as well and convert from there. That way if something goes wrong during conversion or you decide that you'd rather look at your other options first, then you won't lose anything.

rogerd

8:06 pm on Mar 18, 2006 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

I wouldn't assume that phpBB is inherently more secure than Invision. They have had quite a few security updates in the last year. People who stayed up to date managed to avoid defacement and damage from hackers.

FTFlash

2:43 am on Mar 22, 2006 (gmt 0)

10+ Year Member

I understand that phpBB is not flawless (what application is?), but I'd rather risk phpBB's frequent security updates than be stuck with the same stale version of Invision Power Board.

I have already converted everything over to phpBB and I am liking the new system.

Thanks for the suggestions though.

jatar_k

2:59 am on Mar 22, 2006 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

>> but I'd rather risk phpBB's frequent security updates than be stuck with the same stale version of Invision Power Board

bad plan, phpbb's easiest hack has never been fixed, how's that for secure?

at any rate

if the db only has 4 rows messed with then it may be a somewhat standard hack. A lot of these hacks just mess around with parts of the templates.

My wild guess is that it isn't half as bad as you think. The db is the core for most forum software so you need to look at exactly what rows in what tables have been changed. Then see how those rows are used and where. That is the key to finding out what happened and what needs to be changed back.

>> do you think that the hackers could have gotten information like MySQL passwords, user passwords, or sensitive server information?

nope, most of these are just injection attacks, foolish and simple. It really makes the site look terrible but as far as actual server hacking, most of these jokers are just script kiddies, nothing more.

I have run at more than a couple of them head to head. If I am actually logged into the server I can kill them and ban them as fast as they can switch ips. The moment I can figure where the problem is the door can be closed quickly and they can't do much about it. Real hackers either don't leave footprints or the whole thing goes up in smoke so fast you don't have time to figure out something happened.

FTFlash

6:03 am on Mar 23, 2006 (gmt 0)

10+ Year Member

bad plan, phpbb's easiest hack has never been fixed, how's that for secure?

What hack is that? I'd like to take a look, if you have a link. Sticky me?

if the db only has 4 rows messed with then it may be a somewhat standard hack. A lot of these hacks just mess around with parts of the templates.

That's exactly what happened. The 3 tables that contained the code to display the various forum names was replaced with "Hacked by...". And the last table was for the overall template, and they just inserted some CSS, a few pictures, and, of course, some nice music. ;)

That is the key to finding out what happened and what needs to be changed back.
nope, most of these are just injection attacks, foolish and simple. It really makes the site look terrible but as far as actual server hacking, most of these jokers are just script kiddies, nothing more.

I had fixed the 4 tables within minutes of finding them changed. However, I transferred the forum over to phpBB because if some script kiddie was able to perform an SQL injection, then IPB v1.3 probably has other fatal flaws that haven't been addressed - and never will be.

jatar_k

5:21 pm on Mar 23, 2006 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

>> phpbb's easiest hack

the highlight function

get rid of it all together, it shouldn't be used at all. You can change it so it doesn't add it to links. Then you can also just nuke it all together in common.php (or whatever it is called)

there are so many hacks for the highlight param it is ridiculous

galea_unu

8:04 pm on Apr 20, 2006 (gmt 0)

yeah! they r turkish

[edited by: rogerd at 12:32 am (utc) on April 24, 2006]
[edit reason] No specifics or URLs, please. [/edit]

Lyndsay

8:11 pm on Apr 20, 2006 (gmt 0)

10+ Year Member

One of my phpBB boards was hacked today too... wasn't much going on, and it was constantly spammed so I'll probably just take it down all together.

FTFlash

9:25 pm on Apr 23, 2006 (gmt 0)

10+ Year Member

Well, I wish I knew about that upgrade before I moved over to phpBB. Oh well. :(