Hacked Hacked, my site hacked

SuperMAG · 2008-06-09 20:37:27

http://www.sportstv.co.cc/index.html

althrough he didnt deleted any thing. i will restore it now ... i will give you reports later

Felix · 2008-06-09 21:10:42

And what has this to do with "Troubleshooting" of FluxBB?

Did you use FluxBB on that site?

Reines · 2008-06-09 21:17:21

Has nothing to do with fluxbb, if he managed to upload a new file (index.html) then he must have access to your hosting account (ftp), which can't be gained through fluxbb.

Felix · 2008-06-09 21:23:03

Tho it could be obtained thru a Remote File Injection or direct PHP Executing... But I doubt that there is such a bug in FluxBB.

Last edited by Felix (2008-06-09 21:23:19)

Reines · 2008-06-09 21:34:19

Felix wrote:

Tho it could be obtained thru a Remote File Injection or direct PHP Executing... But I doubt that there is such a bug in FluxBB.

Well true, though only if PHP has write access to his root folder, which is fairly uncommon.

Utchin · 2008-06-09 21:56:17

i looked at the site once, i though it was using mega pun.. ?

SuperMAG · 2008-06-09 22:28:15

yes megapun is fluxbb as you guys insisted on other topic ...
and i didnt thought of any other forum to post.

i chatted with him and he said it was a hosting server that was hacked. it was a secuity warning.

all the sites are down now. sorry for worng place to post.

Strofanto · 2008-06-10 07:42:01

What PHP and Apache version does your host run?

Mark · 2008-06-10 13:10:44

no no no... mega pun is PunBB not FluxBB
and it is a modification so not PunBB's fault nor is it FluxBB's fault.

Felix · 2008-06-10 15:31:51

Well, to analyze the hack, we need the Apache Log Files
With tihs we could solve the problem.

SuperMAG · 2008-06-10 16:22:29

well its a host problems. so. i cant even contact them. and i dont know how to get apache logs etc.

i already signed uepd in another host. and my site will be online when the domain dns changes. so problem solved.

thanks any way felix.

oh and

La`me wrote:

no no no... mega pun is PunBB not FluxBB
and it is a modification so not PunBB's fault nor is it FluxBB's fault.

megapun is highly modified of punbb from only punbb mods. so it is considered as part of fluxbb currently.

Utchin · 2008-06-10 16:44:42

yeah it wasnt the fact that is not fluxbb but it could be any one of the mods installed or a custom code, so it woudnt be easy to bug track, that as the point i was trying to make

Felix · 2008-06-10 21:20:25

Utchin wrote:

yeah it wasnt the fact that is not fluxbb but it could be any one of the mods installed or a custom code, so it woudnt be easy to bug track, that as the point i was trying to make

Well to execute PHP Code there has to be either a code injection possibility (And I doubt that anyone passes PHP Code for execution in their url [otherwise he should stop coding] ) and the other one is a remote file injection.

Both can be seen by the apache logs, cause every request is listed there (at least with the right configuration).

Reines · 2008-06-10 21:31:12

Felix wrote:

Utchin wrote:
yeah it wasnt the fact that is not fluxbb but it could be any one of the mods installed or a custom code, so it woudnt be easy to bug track, that as the point i was trying to make
Well to execute PHP Code there has to be either a code injection possibility (And I doubt that anyone passes PHP Code for execution in their url [otherwise he should stop coding] ) and the other one is a remote file injection.
Both can be seen by the apache logs, cause every request is listed there (at least with the right configuration).

Other option would be badly designed attachment mod or upload forms, though I guess you could just find the IP that first accessed the new files and track back to where it "got in".

Last edited by Reines (2008-06-10 21:32:08)

Smartys · 2008-06-10 21:31:42

Nothing is quite that simple.

PunBB had a code injection vulnerability that had to do with how we did includes in templates and how XSS vulnerabilities could take advantage of that system. We also had a null byte vulnerability that allowed a malicious admin to upload a PHP file. You would likely not be able to tell either of those just from the access logs, without other knowledge.

That being said, if it's a host issue then my guess is the person just bought an account and found that he could use the webserver to write to everyone's public_html directory. The access logs would reveal nothing, in that case.

The access logs are a very useful tool and a good first step for debugging (I managed to fix an annoying CAPTCHA bug in some software I was writing by seeing how requests were being made in the access log), but they do not hold a great deal of information and they will not always be useful.

SuperMAG · 2008-06-10 21:42:58

he said that he hacked the whole server. and all the sites on that server is showing same page. and also hosting site. it was 1700 or 17000 sites , i cant remember. i quickly moved.

if i remember correctly there was a member nick-newman in punbb said that his site was hacked. he used the same hosting as mine. woeps.com

oh well the hosting is still down. if its ever up again i will ask them to give the apache logs if it is usefull for fluxbb.

Reines · 2008-06-10 21:53:26

SuperMAG wrote:

he used the same hosting as mine. woeps.com

There's a thread claiming they are a new company and looking for clients, from march this year (same month their domain was first registered) on WHT, yet it says in the FAQ they own 230 dedicated servers in 3 different datacenters.

Seems fishy and amateur, guess you figured out the hard way, but definitely worth avoiding.

Smartys · 2008-06-10 21:53:33

Nope, not useful at all, just a bad host.

SuperMAG · 2008-06-11 01:51:52

ok good thanks guys

Reines wrote:

SuperMAG wrote:
he used the same hosting as mine. woeps.com
There's a thread claiming they are a new company and looking for clients, from march this year (same month their domain was first registered) on WHT, yet it says in the FAQ they own 230 dedicated servers in 3 different datacenters.
Seems fishy and amateur, guess you figured out the hard way, but definitely worth avoiding.

yes i heard that too. i came from there. it looked very fishy but i thought if it work then it work lol. it was fine 4 months i hosted with them.

Hemen · 2008-06-17 12:32:12

it stays "This domain is under examination at the moment.

It will be finished within 24 hours!" on the siste O_o

SuperMAG · 2008-06-17 22:47:20

this is an old topic. the problem was already fixed

quaker · 2008-06-18 01:46:31

Mega Pun is Powered by PunBB

Q

Forums

#1 2008-06-09 20:37:27

Hacked Hacked, my site hacked

#2 2008-06-09 21:10:42

Re: Hacked Hacked, my site hacked

#3 2008-06-09 21:17:21

Re: Hacked Hacked, my site hacked

#4 2008-06-09 21:23:03

Re: Hacked Hacked, my site hacked

#5 2008-06-09 21:34:19

Re: Hacked Hacked, my site hacked

#6 2008-06-09 21:56:17

Re: Hacked Hacked, my site hacked

#7 2008-06-09 22:28:15

Re: Hacked Hacked, my site hacked

#8 2008-06-10 07:42:01

Re: Hacked Hacked, my site hacked

#9 2008-06-10 13:10:44

Re: Hacked Hacked, my site hacked

#10 2008-06-10 15:31:51

Re: Hacked Hacked, my site hacked

#11 2008-06-10 16:22:29

Re: Hacked Hacked, my site hacked

#12 2008-06-10 16:44:42

Re: Hacked Hacked, my site hacked

#13 2008-06-10 21:20:25

Re: Hacked Hacked, my site hacked

#14 2008-06-10 21:31:12

Re: Hacked Hacked, my site hacked

#15 2008-06-10 21:31:42

Re: Hacked Hacked, my site hacked

#16 2008-06-10 21:42:58

Re: Hacked Hacked, my site hacked

#17 2008-06-10 21:53:26

Re: Hacked Hacked, my site hacked

#18 2008-06-10 21:53:33

Re: Hacked Hacked, my site hacked

#19 2008-06-11 01:51:52

Re: Hacked Hacked, my site hacked

#20 2008-06-17 12:32:12

Re: Hacked Hacked, my site hacked

#21 2008-06-17 22:47:20

Re: Hacked Hacked, my site hacked

#22 2008-06-18 01:46:31

Re: Hacked Hacked, my site hacked

Board footer