|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
Six hours ago my forum was hacked. The config.inc.php was replaced with this text. I replaced that file with a previous file, but now I'm getting "we encountered an error" messages - maybe it was a previous version? How do I fix this error - and how do I prevent the hack from occurring again?
The replacement file looked like this:
----------
<html dir="rtl">
<head> <meta http-equiv="Content-Language" content="ar-jo"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> <title>SQL Was Here</title> </head>
<body bgcolor="#000000">
<p align="center"> <img border="0" src="http://i1-news.softpedia-static.com/images/news-700/MySQL-Com-Hacked-by-D35Mond142-Member-Credentials-Leaked.gif" width="650" height="318"></p> <p align="center"><b><font size="5" color="#FF0000"><span lang="en-us">Mahmoud SQL </span></font></b></p> <p align="center"><b><span lang="en-us"><font size="5" color="#FF0000">For Contact</font></span></b></p> <p align="center"><b><span lang="en-us"><font size="5" color="#FF0000">Jordan@hotmail.com</font></span></b></p> <p align="center"><span lang="en-us"><font size="5" color="#FF0000"><b> facebook.com/alaqarbawi</b></font></span></p> <p align="center"> </p> <p align="center"> </p> <object width="400" height="40" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/ pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0"> <param name="SRC" value="http://error-404.do.am/50256-h4ck3d.swf"> <embed src="bookmark.swf" width="400" height="40"> </embed>bookmark.swf </object> </body>
</html>
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
The database looks all right - I removed write access from this directory and changed my database passwords. The database content seems intact. However, even replacing the config.inc.php with a valid one, I get UBB message that the database error is only visible to administrators. How do I get to that error?
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
It could be the database user name and password not being correct.
I think I got an error like that when I set it up locally.
Gutted you have been hacked. I hope ubb post update advice just so we can all check for possible exploits.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
Mark -
One of the first things I did was change both the root and regular user passwords for the database. I then updated that information in the config.inc.php file to match. So those two are in sync. Is there something else I need to change?
How do I get in as an administrator in order to see the actual error? That might help.
The forums are still down, as I try to figure out how to get this to connect again. I put up a placeholder.
We're a charity site - it's frustrating that someone would think it's fun to destroy us like this.
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
Also, I have the internet user account set to NOT have write access to the main forum directory and they just created a new file there this morning. How are they writing a file into a directory that they shouldn't have write access to?
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
I'll note that I had FlashChat in with the forums, because originally I had the chat system using the forum logon. I found some hacked files in there. I don't know if they just used that as a convenient dumping place for their files, it seems like they were putting files all over.
I'd appreciate any thoughts on how they are getting in, so I can shut it off.
|
|
|
|
Joined: Dec 2003
Posts: 6,568 Likes: 78
|
Joined: Dec 2003
Posts: 6,568 Likes: 78 |
The database looks all right - I removed write access from this directory and changed my database passwords. The database content seems intact. However, even replacing the config.inc.php with a valid one, I get UBB message that the database error is only visible to administrators. How do I get to that error? goto: http://www.ubbwiki.com/article/view/1/database-error-only-visible-to-forum-administrators.html
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
Thanks, Ruben. The config file looks fine, so I'm not sure that it would be that.
I turned on showerror and got this:
We encountered a problem. The reason reported was Script: Line#: SQL Error: Access denied for user '***usernameremoved***'@'localhost' (using password: YES) SQL Error #: 1045 Query: Unable to connect to the database!
Please click back to return to the previous page.
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
ok my boyfriend lent a hand and spotted a change I had to make - I think the forums are up again now. Now to make sure all the permissions are set properly with the control panel tool.
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
OK the cache is showing an error with that tool. I'm nervous about allowing write directory access. I set it to IUSR to have write access - that's correct, yes? And that isn't a risk?
|
|
|
|
Joined: Dec 2003
Posts: 6,568 Likes: 78
|
Joined: Dec 2003
Posts: 6,568 Likes: 78 |
My cache folder is set to 777 but that is linux. Which is read,write,execute for owner,group,public. Not sure what is comparable to windows. But there also is a blank index.html file to help stop indexing files.
Last edited by Ruben; 10/20/2013 6:42 PM. Reason: Added Comment
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
On Windows, there's an actual setting you have about looking at directories vs not looking at them, and I set that to "not look". So I think that's how Windows handles it.
So it's OK to have it write? Doesn't that mean that people can randomly write things into that directory? Or does it not work like that?
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
I would set your forums up with normal permissions etc. Thats your working base. As you say passwords have been changed so your ok. Then tweak permissions and see if the forums fall over. Its ok to be paranoid it keeps us all on our toes.
Hope you get it sorted.
Mark
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Dec 2003
Posts: 6,568 Likes: 78
|
Joined: Dec 2003
Posts: 6,568 Likes: 78 |
Well the cache builders scripts need permission to write to the cache folder. Otherwise.the islands will not update. And if you clear cache they will not be rebuilt at all.
You should have a blank html file in the folder to stop anyone from browsing to the folder to see the files and in my case I have a option in cpanel to turn off indexing completely so even if the html file was missing you can't view the file structure.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
flashchat should be removed, ASAP that has serious security problems that will spill over and invite re-hack
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
I did remove flashchat. I'll have to find an alternative for our chats. We've had that running for maybe 10 years or so, so it's a shame it had to go.
I would love a utility that verifies that all directories are locked as tight as possible. The current one shows which ones aren't open. I'd like a utility that I run on the system and it verifies everything is as secure as possible.
|
|
|
|
Joined: Jun 2006
Posts: 16,304 Likes: 116
|
Joined: Jun 2006
Posts: 16,304 Likes: 116 |
The pJirc modification at UBBDev is a good replacement; relies on 3rd party IRC servers, so your users may appreciate the ability to utilize their own 3rd party chat clients.
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
I'm going to test out a cheap ($100) video chat server software that I found, this weekend. I'll let you guys know how it works.
|
|
|
|
Joined: Nov 2013
Posts: 3
stranger
|
stranger
Joined: Nov 2013
Posts: 3 |
I think I got an error like that when I set it up locally.
|
|
|
|
|
Test
by Phun - 05/28/2024 7:31 PM
|
|
1 members (Baldeagle),
468
guests, and
209
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|