Thread: Need help, PHPBB just got hacked

Affiliate Ian · #1 August 29th, 2005, 06:19 PM

Can anyone help here? My phpBB forum just got hacked by some punks. Can't even log in to admin area.

Do they have my admin passwords?

Can I just upload my database and files form my pc to the web server to get it back?

Greg Rice · #2 August 29th, 2005, 06:23 PM

Ouch. Not familiar with phpBB but maybe your hosting company can reset the password? I hope your site/db is backed up. If so, maybe a restore if nothing else works.

UncleScooter · #3 August 29th, 2005, 06:42 PM

FTP down your Admin directory and re-configure it with new passwords etc. Make sure the Contrib and Install directories are deleted after installation. This is the most common route for hackers to get in to PHPBB.

Affiliate Ian · #4 August 29th, 2005, 07:05 PM

ok, going to dump entire database and install the latest phpBB. So, here are a few qquestions:

Do I:

1. Drop tables from MySQL (I am using MySQLfront).
2. Delete all files from forum folder on web server
3. Upload and install latest phpBB on web server
4. Use MySQLFront to upload entire backup of database to MySQL

What should I be looking out for? I think I need to drop all tables before I upload backup .sql file right? Any help would be great. Can't even think straight now I am so mad....

dflsports · #5 August 29th, 2005, 07:54 PM

I am no pro, but usually when I install a newer version, I delete the old one (backing up the database first) Then install the new version and use the admin panel to restore the database.

UncleScooter · #6 August 29th, 2005, 07:54 PM

I think you can load the latest version (which is muc more hacker proof) and point it to your existing database and you will not lose your database. It is the php files that they got in to, not your database.
Of course, change all passwords.
Upload the new version in a diffferent folder and configure it. If it recognizes the database, which it should, just clean out the old folder and dump the new version in there. It should be that simple. I hope it is. I know how much of a pain in the ass this can be.

Affiliate Ian · #7 August 29th, 2005, 08:16 PM

dfl: yes, good idea. But unfortunately, the database was the one that got hacked. Luckily, i did a manual database backup this morning. Reloading it now. Once it's done, I will use phpBB's admin panel to backup the tables. Then, I can hopefully get the latest version to Restore the old tables.

Unclescooter. Thanks for the words of encouragement. The hacker got in to at least the database. I trashed the entire DB and uploaded a backup and the hack file seem to have disappeared. I am not taking any chances, I will upload the new phpBB folder when all the back is done.

Now, I hope I can get the new forum to recognize the old tables. Wish me luck!

Man, did I mention I hate hackers?

Leader · #8 August 29th, 2005, 09:14 PM

Good luck!

Make sure there's no hack files hidden amongst the scripts, too

Affiliate Ian · #9 August 29th, 2005, 09:23 PM

Thanks Leader. Uploaded all my local files too just in case. Now, I am looking for a paid forum. Hopefully, these will be more secure?

Leader · #10 August 29th, 2005, 10:25 PM

Check your PMs...

Like any software, paid forums occasionally get hacked or have vulnerabilities discovered (the publication of which then cause them to get hacked), but usually their makers come out with an upgrade that deals with the issue.

But I would expect that the major ones would be quite a bit more likely to get their issues fixed quickly than free ones.

Affiliate Ian · #11 August 29th, 2005, 10:38 PM

Thanks Leader.

I am now looking at a paid forum. I agree, I think this will be best in the long run. Just hoping that the new forum can recognize my old database. I would have to lose all the posts and members...

Thanks again for your encouragement. Just got a bit frustrated today.

Tracy · #12 August 30th, 2005, 12:36 AM

You might want to go to the phpBB Forum. That's where I've gone to solve problems with my forum, and they've been extremely helpful there. Searching the forum titled phpBB Support, you'll probably find where others have been hacked too and find that most of your questions have already been answered.

They'll also give you some great ideas about improving your forum. For instance, it never dawned on me to add the Google Adsense at the bottom of all my pages, until I found the instructions on how to do it there.

Also, I found the patch there to make sure google could index my forum pages.

C.Whyte · #13 August 30th, 2005, 01:07 AM

Google Adsense on PhPbb??? That's a first. I might have to look into that myself! Any other phpbb unknown marketing ideas out there? (or is that another thread?) At any rate, thanks Tracy for the idea!

Tracy · #14 August 30th, 2005, 01:44 AM

Actually, no I don't think it's a first since the instructions are dated November 2003. I bookmarked the page with the instructions, because every time they do an upgrade it wipes out the ads, and I have to go back in and add the code again:

Basic info on how to place the adsense ads on a phpBB forum

Affiliate Ian · #15 August 30th, 2005, 02:03 AM

Thanks for the post Tracy. I implemented the session mod so google will inde the posts. I think it worked. Hey, do you have a link for the mod? I would like to keep it for my records.

I am looking into a paid forum now. But would still like the link for my records.

TIA!

Tracy · #16 August 30th, 2005, 02:18 AM

As a matter of fact, I do. It's another one that gets wiped out with each update:

Modification for Google Bot

Even though it's for Version 2.0.15, it also works with later versions.

Affiliate Ian · #17 August 30th, 2005, 02:54 AM

Thanks Tracy, hope this works out well for you!

Thread: Need help, PHPBB just got hacked

Internet Services

Web Development

Digital Marketing

Consumer Tech