Joined: Oct 2006
Posts: 46
newbie
So I go to have a look at the UBB Threads board on one of our sites and it says "Hacked by Dragunov"
Who is this prick and has anybody else been targeted? Is there any action I can take or is it just a case of taking it on the chin? Really frickin' annoyed and now worried that it's gonna happen again.
I'm getting a restore done from backup - $100 I'd rather not have to spend! :-(

Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
What version of UBB are you running? What about MySQL and PHP versions?
Windows host or Linux host?

Joined: Oct 2006
Posts: 46
newbie
It was 7.2.2 on Linux. Not sure about MySQL or PHP versions but the hosting company is usually fairly up to date.
Was there some kind of security patch a while back? I thought I had installed it but maybe I missed it...

Joined: Jan 2004
Posts: 2,474 Likes: 3
Pooh-Bah
Google only comes up with one result for 'Hacked by Dragunov' and that's a 7.2.2.
What was the nature of the hack?

Joined: Jun 2006
Posts: 16,301 Likes: 116
Do you have any other scripts installed on the server? It's more than likely they got hacked and he just defaced the more popular areas of your site (to take suspicion away from how he got in so he can do it again).
Other possibilities are that he guessed an admin password and logged in and edited a template...

Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
The only security patch we've had to release was this one.

Joined: Oct 2006
Posts: 46
newbie
They only got into Threads. Not sure how. I don't really know how to look for forensics.

Joined: Mar 2008
Posts: 326
Enthusiast
Scope out your logs to see if any "odd" URLs were accessed.
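
The log check suggested above, as an added example that is not part of the original post: a small triage script that scans an access log for "odd" request URLs. It assumes Apache's combined log format; the rule names, thresholds and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache "combined" format (assumed): host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Heuristics for "odd" query strings (illustrative, tune for your own site).
RULES = {
    "sql-keywords": re.compile(r"\b(union\s+select|information_schema|into\s+outfile)\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "remote-url-param": re.compile(r"=\s*(https?|ftp)://", re.I),
    "null-byte": re.compile(r"\x00"),
}
MAX_QUERY_LEN = 512  # assumed threshold for an unusually long query string


def flag_line(line):
    """Return (ip, timestamp, target, [rule names]) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    query = urlsplit(m["target"]).query
    decoded = unquote_plus(unquote_plus(query))  # decode twice to catch double-encoding
    hits = [name for name, rx in RULES.items() if rx.search(decoded)]
    if len(query) > MAX_QUERY_LEN:
        hits.append("long-query")
    return (m["ip"], m["ts"], m["target"], hits) if hits else None


def triage(lines):
    """Return the flagged entries, in log order."""
    return [hit for hit in map(flag_line, lines) if hit]


# Constructed sample lines (documentation IP ranges), not taken from the affected site.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /forum/ubbthreads.php?ubb=cfrm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2009:10:00:05 +0000] "GET /forum/ubbthreads.php?Number=1%20UNION%20SELECT%201 HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.7 - - [01/Jan/2009:10:00:09 +0000] "GET /scripts/view.php?file=..%252f..%252fetc%252fpasswd HTTP/1.0" 404 210 "-" "-"',
    '203.0.113.5 - - [01/Jan/2009:10:01:30 +0000] "GET /gallery/index.php?page=http://example.invalid/x.txt HTTP/1.1" 200 98 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, target, rules in triage(SAMPLE):
        print(f"{ts}  {ip}  {','.join(rules)}  {target}")
```

Flagged lines are leads, not proof: follow each source IP through the rest of the log to see which script it hit first and what it requested afterwards.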

Joined: Jul 2006
Posts: 96
member
You should be running mod_security to protect Apache, PHP and MySQL from exploits.

Joined: Jul 2005
Posts: 137
Member
One of my sites got hacked back in 2006 by a similar sounding hacker - at the time I think I was running 7.2.2 and originally thought that my SSH account had been compromised. As it turned out it was a PHP/MySQL exploit.
I upgraded to the latest UBB version that was available, and have kept up to date with the versioning since and (touch-wood) have not had any similar experiences since.

Joined: Oct 2006
Posts: 46
newbie
It's a real freakin' mess at the moment. We did a fresh install of UBB (http://www.scienceagogo.com/forum/ubbthreads.php) and UBB sees the database but can't pull any data from it. It's a frickin' disaster. Not sure what to do. :-(

Joined: Jun 2006
Posts: 16,301 Likes: 116
I can navigate/read threads on that link without issue...

Joined: Oct 2006
Posts: 46
newbie
Fack! It magically came good! I have no idea what's going on here...

Joined: Oct 2006
Posts: 46
newbie
OK, just noticed something. When I try to log in as the admin it says "Your account has been banned or locked. This ban will expire on May 09, 2009 12:46 AM. If the Administrator has specified a reason for this ban, you will find it below."
No idea where that came from. I'm guessing that if I delete my cookies I'll get back in again?

Joined: Oct 2006
Posts: 46
newbie
Wow, if I try and log in as the admin I get a weird message (see above) and then it blanks everything. Doh, how does it do that... Any ideas? Presumably I need to trash the admin member and then recreate it. Not sure how I do that if I can't get in though...

Joined: Oct 2006
Posts: 46
newbie
OK, went into MySQL and manually changed the banned admin record. All now seems good. Hooray! Hopefully no hidden nasties in there yet to find! Folks, upgrade from 7.2.2!

Joined: Feb 2007
Posts: 1,294 Likes: 2
Veteran
There are other variables other than the UBB version like server setup and so on. You can not just blame the entire problem on 7.2.2.

Joined: Jun 2006
Posts: 16,301 Likes: 116
"There are other variables other than the UBB version like server setup and so on. You can not just blame the entire problem on 7.2.2."
Agreed, hence my prior comments:
"Do you have any other scripts installed on the server? It's more than likely they got hacked and he just defaced the more popular areas of your site (to take suspicion away from how he got in so he can do it again).
Other possibilities are that he guessed an admin password and logged in and edited a template..."

Joined: Oct 2006
Posts: 46
newbie
Sorry, didn't mean to offend :-)

Joined: Feb 2007
Posts: 1,294 Likes: 2
Veteran
Do you have PHPMyAdmin installed on your site? If so do you have it in a secure folder / directory requiring a user name and password to enter that directory?
Many times I see message boards "hacked", the proper term would be cracked, and destroyed and this is the case or something similar. A "hacker", proper term would be cracker, will never reveal how he got in or mess with that avenue over going after your most popular part of your site, your interactive material. He or she will always wish to return and enter back through that area once you have spent the time to restore your site and feel that you have "fixed" the problem. Then they will return once again to show you how good of a script kiddie they really are.
If you do not have full log access you most likely will never know how they got in unless you check everything for security or hire someone who can do it for you.

Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
"Sorry, didn't mean to offend :-)"
I don't think anyone here is / was offended. We're just saying that there are many avenues of security involved and that it may not all be related to the UBB code. As stated by a few members here, you need to really scour the logs and review current settings, etc. If you don't have access then you need someone that does have access to help out or you could easily be going through this again. I just did one on a Windows Server 2000 and it turns out that whoever set it up did not use any good best practices and basically left it open. Luckily at least Server 2003 comes out of the box so to speak a lot more secure than 2000 did, but it too needs to be shored up if you're going to have it Internet facing.

Joined: Dec 2003
Posts: 6,566 Likes: 78
If it were me the very first thing I would do is change all passwords for site access. FTP, MySQL user database, UBBAdmin password, Site control panel etc. Including anyone that was granted access to the site that has the same type of access as you. Also on FTP access I would ensure you don't have any old FTP accounts that can access an area they should not. Then I would make sure you have the security patch installed that Rick stated since it should apply to your version.
Then consider upgrading UBB
Blue Man Group There is no such thing as stupid questions. Just stupid answers

Joined: Jun 2006
Posts: 16,301 Likes: 116
Yeh, it's just good security to make sure you're always running semi-current code for any scripts installed in your webspace.
Even then, system services on the server need to be monitored for security as well...
Then you have passwords, user emails containing passwords, etc etc etc...