SnV Forums

Urgent: Hacker Protection
Its_The_Sneak!!!
Blocked by SOPA


Gender: Male
Joined: 13 Mar 2006
Posts: 6077
Status: Moderator

Posted: Tue Mar 28, 2006 1:28 am

dang.

Oh well.

...
ooh, what if you moved your HTTP server to a different port, and then tell everyone which port to point their browsers to?
That way, he won't be able to get in unless he's able to do a port scan!
_________________
Come into my den let me hear you cluck
You can be my hen and we can f(Bu-GAWK)
A bite to the leg, it's time to play
Baby, let me be your egg that needs to get laid.

- CEO Nwabudike Morgan
"The Chicken of Lust"
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 1:34 am

I won't resort to that yet. I kind of have him checkmated as I'm posting this.
_________________
Zenodoros wrote:
I had it both ways throughout the night fight.
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 1:49 am

R0((0 |30773 Razz wrote:
I will have these forums rendered mine by the end of this week.
Have fun 'till then.



Sigh. Bluff.
Its_The_Sneak!!!
Blocked by SOPA


Gender: Male
Joined: 13 Mar 2006
Posts: 6077
Status: Moderator

Posted: Tue Mar 28, 2006 1:51 am

well, let's hope.
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 1:53 am

What would be the result if he did "render his forum"?


Should I report anything to the phpBB team?
Its_The_Sneak!!!
Blocked by SOPA


Gender: Male
Joined: 13 Mar 2006
Posts: 6077
Status: Moderator

Posted: Tue Mar 28, 2006 1:55 am

... he probably means he'll have it under his control.

heh, unless he's going to redo the forum in 3D.
That'd be awesome.
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 1:57 am

He's not going to have control. I think it has something to do with virinfluence's anonymous ftp leading DIRECTLY into his public html. That would explain why thus far the hacker hasn't been able to do anything with fuxxor yet.
Its_The_Sneak!!!
Blocked by SOPA


Gender: Male
Joined: 13 Mar 2006
Posts: 6077
Status: Moderator

Posted: Tue Mar 28, 2006 2:01 am

well, he might be hard at work cracking your FTP password then.
or barring that, your forum password.
Better change it.
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 2:03 am

Its_The_Sneak!!! wrote:
well, he might be hard at work cracking your FTP password then.
or barring that, your forum password.
Better change it.



I've already changed my forum password.


Even if he COULD get the main ftp address, I'd like to see him get the ftp user name.
beyonder
^.^


Gender: Male
Joined: 12 Mar 2006
Posts: 321
Status: Administrator

Posted: Tue Mar 28, 2006 2:23 am

Getting the ftp login for a cpanel server (yes, I checked, fuxxor.net and virinfluence.net are both using cpanel) is trivial once you have admin access on a phpBB forum. You just cause an SQL error, and it will tell you the username used to query the database. This will be login_subname, where "login" is the cpanel and ftp login, and "subname" is whatever name you gave to the db user (unless you used the main database login, in which case it's just going to be that, which is also the ftp login. gasp). You could even do this without admin access, however it's harder to cause the type of error you need.

And the address is just the same as the address for http access...

The only issue would be the password, really.

But then, back to how you think they got in...

If you have read access to the ftp, you can just grab the config.php from the phpBB directory. This will have the database username/password in it! Of course, once somebody has that it's just plain over for the forum.

So basically, having config.php publicly readable is a bad idea. Especially if you use the same password for MySQL as for other things, but I'm guessing you wouldn't do that.
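Added example, not part of the original thread: a Python audit for the exposure described in the post above (a readable config.php, an anonymous FTP root that overlaps the web root, and a database user that is or embeds the account login). The function names, the `anon_ftp_root` and `account_login` parameters, and the sample config are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# phpBB 2 config.php stores credentials as PHP string assignments.
_ASSIGN = re.compile(r"""\$(dbname|dbuser|dbpasswd)\s*=\s*(['"])(.*?)\2\s*;""")

# Constructed sample; the account and database names are made up.
SAMPLE_CONFIG = ("<?php\n$dbname = 'exampleacct_phpbb';\n$dbuser = 'exampleacct';\n"
                 "$dbpasswd = 'constructed-secret';\n?>\n")

def parse_phpbb_config(text):
    """Return the database settings assigned in config.php source text."""
    return {m.group(1): m.group(3) for m in _ASSIGN.finditer(text)}

def audit_phpbb_config(config_path, anon_ftp_root=None, account_login=None):
    """List exposure findings for one config.php.

    anon_ftp_root and account_login are operator-supplied assumptions: the
    directory served to anonymous FTP and the account's cPanel/FTP login.
    """
    findings = []
    real = os.path.realpath(config_path)
    mode = os.stat(real).st_mode
    if mode & stat.S_IROTH:
        findings.append("config.php is readable by every local user")
    if anon_ftp_root is not None:
        root = os.path.realpath(anon_ftp_root)
        if os.path.commonpath([root, real]) == root:
            findings.append("config.php sits inside the anonymous FTP root")
    with open(real, encoding="utf-8", errors="replace") as fh:
        dbuser = parse_phpbb_config(fh.read()).get("dbuser", "")
    if account_login and dbuser == account_login:
        findings.append("database user is the main account login (also the FTP login)")
    elif account_login and dbuser.startswith(account_login + "_"):
        findings.append("database user embeds the account login; keep SQL errors off public pages")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web_root:
        path = os.path.join(web_root, "config.php")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONFIG)
        os.chmod(path, 0o644)
        for finding in audit_phpbb_config(path, web_root, "exampleacct"):
            print(finding)
```
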
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 2:28 am

Actually my lazy *bleep* just used Fantastico and got the funky database name and user. He can't do anything. All my public ftp options are set to off, so he can't go browse the config files. From what you're telling me, I'm safe.


But how does he get the phpBB forum user passwords, if that is in fact what he does?
beyonder
^.^


Gender: Male
Joined: 12 Mar 2006
Posts: 321
Status: Administrator

Posted: Tue Mar 28, 2006 2:40 am

Safe if that's actually how he got in, and doesn't know another way in. There is a known exploit in phpBB involving remote avatars and session hijacking, but that would be extremely tricky to pull off, and relies on some settings on the board. I wouldn't worry about that too much. Other than that, I don't know what else is running on your host, so I wouldn't be able to tell you how to protect yourself too well.
RockmanWilliam
Its_The_Sneak!!!


Gender: Male
Joined: 14 Mar 2006
Posts: 3691
Status: User

Posted: Tue Mar 28, 2006 2:43 am

beyonder wrote:
Safe if that's actually how he got in, and doesn't know another way in. There is a known exploit in phpBB involving remote avatars and session hijacking, but that would be extremely tricky to pull off, and relies on some settings on the board. I wouldn't worry about that too much. Other than that, I don't know what else is running on your host, so I wouldn't be able to tell you how to protect yourself too well.




Do you have I.M. or something that I could give you better information with? Also, I really wouldn't be worried, but it LOOKS like he's been able to get into other forums.
beyonder
^.^


Gender: Male
Joined: 12 Mar 2006
Posts: 321
Status: Administrator

Posted: Tue Mar 28, 2006 3:07 am

Should be in my profile...
Hoff



Gender: Male
Joined: 12 Mar 2006
Posts: 1398
Status: User

Posted: Tue Mar 28, 2006 3:33 pm



Anyways, he hasn't really done anything yet. If I was a legitimate hacker, I wouldn't go out and give warnings to the people I'm about to screw over or tell them that their site will be dead "in a week". I'd just go screw them over and leave.


LIKE A NINJA.
All times are GMT