Previous Thread
Next Thread
Print Thread
Hop To
#226290 05/07/2009 4:13 AM
Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
So I go to have a look at the UBB Threads board on one of our sites and it says "Hacked by Dragunov"

Who is this prick and has anybody else been targeted? Is there any action I can take or is it just a case of taking it on the chin? Really frickin' annoyed and now worried that it's gonna happen again.

I'm getting a restore done from backup - $100 I'd rather not have to spend!:-(

Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
What version of UBB are you running?
What about MySQL and PHP versions?

Windows host or Linux host?

ntdoc #226292 05/07/2009 4:25 AM
Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
It was 7.2.2 on Linux. Not sure about MySql or PHP versions but the hosting company is usually fairly up to date.

Was there some kind of security patch a while back. I thought I had installed it but maybe I missed it...

Joined: Jan 2004
Posts: 2,474
Likes: 3
D
Pooh-Bah
Pooh-Bah
D Offline
Joined: Jan 2004
Posts: 2,474
Likes: 3
Google only comes up with one result for 'Hacked by Dragunov' and that's a 7.2.2.

What was the nature of the hack?

driv #226294 05/07/2009 7:51 AM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Do you have any other scripts installed on the server? It's more than likely they got hacked and he just defaced the more popular areas of your site (to take suspicion away from how he got in so he can do it again).

Other possibilities are that he guessed an admin password and logged in and edited a template...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #226295 05/07/2009 9:05 AM
Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Former Developer
R Offline
Joined: Jun 2006
Posts: 9,242
Likes: 1
The only security patched we've had to release was this one.

Rick #226303 05/07/2009 5:07 PM
Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
They only got into Threads. Not sure how. I don't really know how to look for forensics.

Joined: Mar 2008
Posts: 326
D
Enthusiast
Enthusiast
D Offline
Joined: Mar 2008
Posts: 326
Scope out your logs to see if any "odd" URLs were accessed.

Joined: Jul 2006
Posts: 96
A
member
member
A Offline
Joined: Jul 2006
Posts: 96
You should be running mod_security to protect apache, php and mysql from exploits.

Joined: Jul 2005
Posts: 137
Member
Member
Joined: Jul 2005
Posts: 137
One of my sites got hacked back in 2006 by a similar sounding hacker - at the time i think i was running 7.2.2 and originally thought that my SSH account had been compromised. As it turned out it was a php/mysql exploit.

I upgraded to the latest ubb version that was available, and have kept up to date with the versioning since and (touch-wood) have not had any similar experiences since.

Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
It's a real freakin' mess at the moment. We did a fresh install of UBB (http://www.scienceagogo.com/forum/ubbthreads.php) and UBB sees the database but can't pull any data from it. It's a frickin' disaster. Not sure what to do.:-(

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
I can navigate/read threads on that link without issue...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #226313 05/08/2009 5:50 AM
Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
Fack! It magically came good! I have no idea what's going on here...

Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
OK, just noticed something. WHen I try to log in as the admin it says "Your account has been banned or locked. This ban will expire on May 09, 2009 12:46 AM. If the Administrator has specified a reason for this ban, you will find it below."

No idea where that came from. I'm guessing that if I delete m7y cookies I'll get back in again?

Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
Wow, if I try and log in as the admin I get a weird message (see above) and then it blanks everything. Doh, how does it do that... Any ideas? Presumably I need to trach the admin member and then recreate it. Not sure how I do that if I can't get in though...

Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
OK, went into MYSQL and manually changed the banned admin record. All now seems good. Hooray! Hopefully no hidde3n nasties in there yet to find! Folks, upgrade from 7.2.2!

Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
Veteran
Joined: Feb 2007
Posts: 1,294
Likes: 2
There are other variables other then the UBB version like server setup and so on. You can not just blame the entire problem in 7.2.2.

JAISP #226318 05/08/2009 9:34 AM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Originally Posted by JAISP
There are other variables other then the UBB version like server setup and so on. You can not just blame the entire problem in 7.2.2.
Agreed, hence my prior comments

Originally Posted by Gizmo
Do you have any other scripts installed on the server? It's more than likely they got hacked and he just defaced the more popular areas of your site (to take suspicion away from how he got in so he can do it again).

Other possibilities are that he guessed an admin password and logged in and edited a template...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #226319 05/08/2009 9:40 AM
Joined: Oct 2006
Posts: 46
W
newbie
newbie
W Offline
Joined: Oct 2006
Posts: 46
Sorry, didn't mean to offend:-)

Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
Veteran
Joined: Feb 2007
Posts: 1,294
Likes: 2
Do you have PHPMyAdmin installed on your site? If so do you have it in a secure folder / directory requiring a user name and password to enter that directory?

Many times I see message boards "hacked", the proper term would be cracked, and destroyed and this is the case or something similar. A "hacker", proper term would be cracker, will never reveal how he got in or mess with that avenue over going after your most popular part of your site, your interactive material. He or she will always wish to return and enter back through that area once you have spent the time to restore your site and feel that you have "fixed" the problem. Them they will return once again to show you how good of a script kiddie they really are.

If you do not have full log access you most likely will never know how they got in unless you check everything for security or hire someone whom can do it for you.

Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
Originally Posted by Willzter
Sorry, didn't mean to offend:-)

I don't think anyone here is / was offended. We're just saying that there are many avenues of security involved and that it may not all be related to the UBB code. As stated by a few members here, you need to really scour the logs and review current settings, etc. If you don't have access then you need someone that does have access to help out or you could easily be going through this again.

I just did one on a Windows Server 2000 and it turns out that whomever set it up did not use any good best practices and basically left it open. Luckily at least Server 2003 comes out of the box so to speak a lot more secure than 2000 did, but it too needs to be shored up if you're going to have it Internet facing.


JAISP #226323 05/08/2009 1:45 PM
Joined: Dec 2003
Posts: 6,560
Likes: 78
Joined: Dec 2003
Posts: 6,560
Likes: 78
If it were me the very first thing I would do is change all passwords for site access. FTP,MYsql user database,UBBAdmin password, Site control panel etc. Including anyone that was granted access to the site that has the same type of access as you.
Also on ftp access I would ensure you don't have any old FTP accounts that can access a area they should not.
Then I would make sure you have the security patch installed that Rick stated since it should apply to your version.

Then consider upgrading UBB


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Ruben #226326 05/08/2009 3:10 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Yeh, it's just good security to make sure you're always running semi-current code for any scripts installed in your webspace.

Even then, system services on the server need to be monitored for security as well...

Then you have passwords, user emails containing passwords, etc etc etc...



I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
1 members (Ruben), 476 guests, and 111 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)