Saint_Michael
May 20 2008, 06:13 AM
Since January, hackers have hit hit over 500,000 website, with everything you could possible imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these websites who are getting hit are running PHPBB forum and the worse part is htey don't mention which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and new, but one trojan has been identified and it is the Zlob Trojan or rather variations to the Zlob Trojan. The last major attack happen 3 weeks ago, as government sites and United Nation websites received the blunt of this attack and as usualy the blame was being password around such as Microsoft's IIS and SQL server, but Microsoft denied that a couple of days later. As for how this process is done it is pretty simple: QUOTE Visitors to a hacked site are redirected through a series of servers, some clearly compromised themselves, until the last in the chain is reached; that server then pings the PC for any one of several vulnerabilities, including bugs in both Microsoft Corp. 's Internet Explorer and RealNetworks Inc. 's RealPlayer media player. If any of the vulnerabilities is present, the PC is exploited and malware is downloaded to it. So I if your one of those heavy forum modifiers you better want to make sure the holes and patches are fixed or your website will be constantly compromise and what not. So you may want to get a hold of phpbb support or check out hte forms to see what is up with this problem and finding out how it can be fixed. SOURCE
Reply
Inhuman
May 20 2008, 06:19 AM
As long as Lithium and Invision stay safe, I'm a happy camper. And anyone who hacks to upload malicious software is really just a wussy. It's terrorism behind the safety of their closed doors.
Reply
Plenoptic
May 20 2008, 04:10 PM
That makes me glad that I am currently not running a forum because I generally would use PHPBB but I had 3.0 before. I guess I will have to switch to SMF or something else free unless I pay the $100 so I can purchase Invision. Good luck to all of those running PHPBB.
Reply
chappill
May 20 2008, 04:45 PM
QUOTE That makes me glad that I am currently not running a forum because I generally would use PHPBB but I had 3.0 before. I guess I will have to switch to SMF or something else free unless I pay the $100 so I can purchase Invision. Good luck to all of those running PHPBB. OOps thats me lolz better go try fix it or get another forum =[
Reply
A200
May 20 2008, 09:39 PM
I use phpBB3... never ever had any security issues at all with it. And if I do, you can be sure that I would let the phpBB3 team know. I also asked one of my friends to read through its code and there was nothing there he considered dangerous. I do have MODs installed, but only simple ones that won't compromise the security of my site.
Reply
hitmanblood
May 21 2008, 11:26 AM
hmm interesting thing however I think that this has something more to do with XSS that is cross site scripting then with the forum itself and they have probably made or found some vulnerability in the forums that gave thema bility to redirect users from the forum itself to some malicious site. Because PHPBB forums are quite safe in a way and I haven't heared a lot of problems on their end. But as alwways there is also other possability and that is that they are not hacking those forums but merely using some service that is generating forums and subdomaines you knwo what I mean those free services that offer forum and subdomain. So what might have happened is that they have hacked some and such service and then changed code behind it so that some of the users would get redirected and voala you've got yourself several thousands slave computers. Easy doesn't it. Good Luck everyone But I will still prefer PHPBB against any other forum probably for some time in the future. Also I have it set up though there is no any activity it is good for experimenting. http://forum.zedsi.com
Reply
Saint_Michael
May 21 2008, 06:12 PM
That is what I am thinking to about the free forum makers as well, but of course I wouldn't be surprise if they brute force their way in because of some simple log in, like admin and password. However, some of the government sites I wouldn't doubt they are using full version software and not going to one of these free sites because that wouldn't make much sense, and yeah I would have to agree that XSS could be another factor. Of course they don't tell what version is being used so it is hard to say who is more affected by this.
Reply
delivi
Jul 5 2008, 08:04 PM
I don't expect this to happen with phpBB 3, which is more professionalistic than its previous versions. So the problems might be because of some older phpBB versions. As mentioned in the report the attacks have affected only IIS, that is windows servers. So nowadays people who host projects or sites in OpenSource languages especially PHP, Java, Python or Ruby host only on Linux Servers, so this threat will have no impact on them. But still it is always advisable that you keep your softwares updated and patched.
Reply
i_speel_good
Jul 6 2008, 09:53 AM
SMF and FireFox win! I've heard of many PHPBB vurnerabilities... It's just horrible waking up one day and seeing everything lost... Poor people hacked 
Reply
Recent Queries:--
hacking into phpbb forums and gain admin access - 10.28 hr back.
-
brute force password windows phpbb forums - 54.22 hr back.
-
phpbb2 hijacked forum fix - 76.52 hr back.
-
zlob trojan phpbb - 76.61 hr back.
-
gain access phpbb - 123.22 hr back.
-
phpbb forum admin read pm - 162.52 hr back.
-
phpbb hijack 2008 - 180.74 hr back.
Similar Topics
Keywords : hackers, hijack, half, million, sites, phpbb, forum, users, read
- Hackers Focus Efforts On Firefox, Safari, And Office
(1)
Hole In Microsoft Messenger Program Requires A Immediate Update
For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger (0) SOURCE Well it seems that Microsoft found a huge hole in MSN Messenger that was bad enough that
they want people to upgrade to the current Messenger which is Live 8.1 or something like that. As
for details on the problem they just said the following, "..which let hackers embed malicious code
in Web chat invitations to users." and that they found this problem in "6.2, 7.0 and 7.5, as well as
Windows Live Messenger 8.0." Although it was interesting to know that people were actually
complaining about Live Messenger being a resource hog, well the last time I check msn w....
Mcafee Lets Users Download Rootkit Program For Free
(2) Since the beginning of 2007 a lot of the security reports I have been reading have mentioning about
hackers using rootkits to get into people's computers. Google defines a rootkit as a set of
programs used to hack into a system and gain administrative-level access. Once a program has gained
access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the
hacker's use; alter log files; attack other machines on the network; and alter existing system
tools to circumvent detection. Rootkits are an extreme form of System Modificatio....
Interesting New Ie - Firefox Bug ( A Must Read Asap)
FF 2.0.02 and up users need to know about this (3) Well it has finally happen and strangely enough I didn't really think about it until now, but it
seems a security team found a very high level bug that requires both Internet Explorer 7 and
Modzilla Fire Fox. This is the jist of the bug; QUOTE The root of the matter is a Firefox
uniform resource identifier (URI) that allows Web sites to force Firefox to launch with the
"firefoxurl://" URI, Secunia reported. The way in which the URI handler is registered by Firefox
causes any parameter to be passed from IE (or another application) to Firefox when the "firefoxurl....
Security Guidelines For Internet Users
(6) Security Guidelines for Internet Users 1. Install an anti-virus software, you can free ones like
AVG Free . Ensure that it's regularly updated - this is of the utmost importance. 2.
Anti-virus software is not enough, the security can be tightened using a firewall software which
will help you prevent unauthorized incoming and outgoing communications from your computer while
connected to the Internet. 3. Disconnect your computer from the Internet when not in use. The
longer you are connected to the Internet, the more opportunity you give for persons to gain un....
Microsoft Update Program Being Used By Hackers
(6) Although I am bit surprise that no one really take about way back then, but it seems the hackers and
crackers I starting to use the microsoft update downloading to transmit there malware and torjans to
compromised computers. The reason being is that the Microsoft update program bypasses firewall
security protocals and so when that malware is getting download, your firewall and virus programs
will not pick it up. I know a few people turn it off and either download them manually or don't
download them at all. So to toss out a warning, when you get he windows update ....
Spammers, Hackers Seize On Virginia Tech Shootings
(3) Ok to me I consider the sickest form of human idiots ever, bad enough you have some people mocking
the shooter but now you got people using spam and hacking computers by using the Virginia Tech
shootings, This person should be found and beating for using a tragic event like this and trying to
profit from it. The spam/hack goes like this QUOTE If clicked, the link caused a computer to
automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which
installs a Trojan horse program that collects banking details, Cluley said. It was a....
Skype & P2p Users - Beware About These Following Worms
(2) With the Skype worm it a simple process of your computer getting infected the worm grabs all the
emails that your skype account has and sends a Instant message to click on this which also downloads
a trojan so other malicious software can installed on that infected computer. Also a person is
directed at least 8 which in the most likely case are scam sites to of course get that person's
info, but so far it hasn't cost any real damage like some of the other attacks skype has seen in
the past. SOURCE Here As well all know everyone is in the P2P since napster an....
Prank Phone Virus That Can Kills Sends Pakistan Mobile Users Into Hysteria
(0) Although not a big secuirty risk more like something interesting about what human mind viruses can
do ot a person once they recieve a message. On friday pretty much all hell broke loose in Pakistan
when people start recieving, hear, readying about a message that a Virus sen through a mobile phone
will kill people and so every mobile user in Pakinstan went into a craze and cllaed their providers
to see whats going on. The message alos mention that 20 people have died so far, of course they
make mention about the movie "The Ring" in which once a person watched this kil....
Myspace Has A Team Of Hackers
(7) I found this to be very interesting, a group of hackers routinly attack Myspace to find flaws and it
looks like they have already started finding them /laugh.gif" style="vertical-align:middle"
emoid=":lol:" border="0" alt="laugh.gif" /> I find it funny that they actually told Myspace that
they were going to do this, although I doubt they could find them anyways. /laugh.gif"
style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" /> But again they already
found one which has to do with the url set up of which I won't post because of the legality o....
Hijack This Log
Pop up problems (2) My sis's computer is having pop up issues. (even in firefox)I dealt with this problem myself a
while back but forget exactly how I fixed it. I ran hijack this. could someone take a look at my
log file pls. QUOTE Logfile of HijackThis v1.99.1 Scan saved at 11:23:20 PM, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running
processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\s....
Could You Be Infected With Hidden Trojan?
continuation of DNS hijack (9) This post is the continuation of my previous post DNS Hijack SearchAtHand.com Browser Result
Removal but deserves its own topic. This trojan, not new but something that's been going
around the web for few years, seems to be quite strong and hard to get rid of. The reason is that it
randomly changes its full file name when a weak anti-spyware attempts to remove it improperly. I
have been using Spybot Search & Destroy and Norton Anti-Virus Corporate Edition for many years and
have never seen such a resilient torjan. Recently I have tried AVG Anti-Spyware but it too....
DNS Hijack SearchAtHand.com Browser Result Removal
this is a browser hijack and method of removing (6) Recently, I don't know when, I realized that my browser was opening some weird pages. It would
either open to what it seemed to be a valid webpage but it always looked the same. But the contents
will be text only but always with adult related links... so I was curious but never paid any
attention since these pages were coming up only when I mistyped an URL address. But the pages
popped up were always the same and it got me curious. So I started to click on refersh and see how
far it will lead. At the end, it led to a site called "SearchAtHand.com" After few minutes ....
Phishers Target Google Gmail Users
Be Careful GMail Users (12) QUOTE IT security experts warned today of a "widespread phishing email campaign" that tries to
swindle unwary recipients by pretending to offer a cash prize from Gmail, Google's popular free
email service. The emails claim that the recipient has been randomly selected for a $500 cash
prize, and that the money can be paid automatically if they click on the embedded web link. Part of
the email reads as follows: 'You won $500! Gmail congratulates you!
CONGRATULATIONS! YOU WON $500! Gmail gives members random cash prizes. Today....
Attention All Ipb Users/admin
Important exploit discovered! (6) Invision Power Board v2.1.6 © 2006 IPS, Inc. This is what it is written on the bottom of the
board. Not so long ago, i was surfing somewhere, (i wont say where) and i discovered a "sql
injection"exploit, a perl script. QUOTE(step28 in the hack) 28. Reload and click on the
username to the admin. You are now logged in as an ADMIN!!! Admins, pm to receive
the link where i found this. with this hack, you can log in with any user without his pass.
It's really easy to do, you just need PERL, Opera webbrowser and 3 minutes fo your life... ....
Firefox's Answer To Ie's Phishing Filter?
users of the sacred browser can breathe once more! (5) SiteAdvisor - Firefox's Answer To IE's Phishing Filter? A site-warning plugin
for ie and firefox Name: Site Advisor Url: http://siteadvisor.com Download:
http://www.siteadvisor.com/download/ff.html Rating: 9.75/10 Improvements: Not all sites are on
their database but many of the popular ones are so index all webistes. SiteAdvisor is a simple and
easy to install extension created for firefox which checks to see if the site you are on is "bad"
from its database of urls. Once the results have reached your browser a notificatio....
Popular Applications Are Creating Holes In Your Os
photoshop and aol users were most at risk (21) Popular Applications Are Creating Holes In Your OS Nearly every computer owner nowadays
knows how to keep their computer safe by running regualar virus scans and keeping spyware scanners
up to date. Well researchers at Prinston University say that this is not enough. They have found
many popular applications which open doors up to allow various attacks. Among the discovered
culprits were Adobe Photoshop and AOL Instant Messengar . Fortuneately, these products which had
the worst written code out of all those which were found, have fixed their code. Earlier ....
Astahost Forum Access?
unable to view the forum (6) A friend of mine who has an account with astahost told me he's unable to access the website.
Only advertising and search engines pop up. He tried it from different computers, and i've tried
it too, with the same results. He was rather agitated as he had just come back from a trip and only
had a day's worth of credits left, with no way now to post and get more. What's up with
astahost, anyone?....
Phpbb 2.0.18
Released on the 31st (12) To anyone out there using phpBB, the next release has been sent out. Report:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 Download:
http://www.phpbb.com/downloads.php Additional Download for the Changed Files Only:
http://www.phpbb.com/files/releases/change...8_repackage.zip I found an error! One of the
reports was made by myself. Even though it was not a bug, it was about the cosmetic display on the
index page concerning the subSilver template. As people may have noticed, the ''Mark all
forums read'' is displayed before you even....
[exploit] Phpbb <=2.0.12 Vulnerability.
How to be Admin on phpBB in Simple steps (2) Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
the forum. Even the admin account is not not secure with the default setup. Click Here for more
details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
PHPbb and click here to download the latest version.....
[exploit] Phpbb 2.0.15 "viewtopic.php"
Remote PHP Code Execution Exploit (3) phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
"\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
print " well, just because there is none." import sys from urllib2 import Request, urlopen from
urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ....
List Of Security Sites
(7) List of security sites, I'll try to update the list as soon as I can . with compilations of
recent security threats, Global Incident Analysis Center (GIAC), GIAC training, and Reading Room
http://www.sans.org/ http://www.infragard.net/ http://www.cert.org/security-improvement/
CERT Security Improvement Modules,including general information on firewalls and intrusion
detectors. excellent set of papers on firewalls, viruses, e-commerce, etc. http://www.icsa.net/
http://www.gocsi.com/ (Source of the annual "CSI/FBI Computer Crime and Security Su....
New Worm, M$ Users, Be Warned!
WORM_ZOTOB.D and WORM_RBOT.CBQ (11) New Virus is emerging. Microsoft users, be alerted!. This is one of the reason why i dont really
like M$ stuff, but still, i need it really much despite of its problems QUOTE Dear Trend
Micro customer, As of August 16, 2005 5:12 PM (Pacific Daylight Time; GMT-7:00), TrendLabs has
declared a Medium Risk Virus Alert to control the spread of WORM_ZOTOB.D and WORM_RBOT.CBQ.
TrendLabs has received several infection reports indicating that this malware is spreading in
Brazil and the U.S.A. WORM_ZOTOB.D is a memory-resident worm that drops a copy of itself in ....
And Again A New Phpbb
phpBB 2.0.17 (17) Again got me a nice email from phpBB group...: QUOTE Hi everyone, phpBB Group announces the
release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release
addresses several bugfixes and some low security issues as well as the recently seemingly
wide-spread XSS issue (only affecting Internet Explorer). Please have a look down this announcement
for the code changes necessary to fix the XSS issue, we are again astounded about the energy people
put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. ....
Phpbb 2.0.16 Is Out!
A new version again... (8) PhpBB, one of the most popular PHP based forums is here out in the form of a new version - 2.0.16. A
few critical issues were corrected, but other than that, nothing special... Still waiting for
Olympus /sad.gif' border='0' style='vertical-align:middle' alt='sad.gif' /> QUOTE Hi
everyone, phpBB Group announces the release of phpBB 2.0.16. This release addresses some bugfixes
and one critical security issue. To fix this, please apply the following change: In viewtopic.php
Find: CODE $message = str_replace('"', '"', substr�....
Phpbb Upload Script "up.php" Arbitrary File Upload
(0) To: BugTraq Subject: phpBB Upload Script "up.php" Arbitrary File Upload Date: Apr 8 2005 2:21AM
Author: Status-x Message-ID:
##################################################################### Advisory #1 "phpBB Upload
Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: phr4xz gmail com -
status-x hackersoft net $ Date: 7 April 2005 $ Website: http://defacers.com.mx $
Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor
URL: http://phpbb.com $ Affected Software: phpB....
Phpbb 2.0.15 Is Out!
(15) phpBB 2.0.15 is out! It has a few bugfixes and improved security features. Don't wait to be
a victim of an exploit! You can download it from here: http://www.phpbb.com/downloads.php
Here is the notification e-mail that I have received: QUOTE("The phpBB team") Hi everyone,
phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This
release addresses some bugfixes and addressing some security issues, one being serious. With this
release the admin re-authentication security feature from phpBB Olympus has been backported....
Bugs Found In Phpbb 2.0.13
PhpBB 2.0.14 released to fix them (8) Recently, a few exploits were made for phpBB 2.0.13 (like this one):
http://lists.virus.org/bugtraq-0503/msg00109.html And some bugs were noticed as well (like this
one): http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563 And so, the phpBB team has
released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing
list: QUOTE(phpBB list) Hi everyone, phpBB Group announces the release of phpBB 2.0.14, the "We
know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor
non-critic....
Phpbb Exploit
(17) Recently, an exploit has been found out that allows people to use their cookies to gain access to
the ACP. And Firefox assists with it /ohmy.gif' border='0' style='vertical-align:middle'
alt='ohmy.gif' /> ! Basically what happens that is when you visitthe phpBB forum, it logs a
cookie containing your Session ID (Basically who and when you are). What it does, after much
decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to
gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! B....
Phpbb Hackers
LOL (21) I got an email today: The following is an email sent to you by an administrator of "KORUPTION OWNZ
YOUR S****Y SITE". If this message is spam, contains abusive or other comments you find offensive
please contact the webmaster of the board at the following address: korupted@korupted.com Include
this full email (particularly the headers). Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dear members. Your petty website has been hacked. The hacker's
name is Koruption. Next time dont use a outdated verison of phpbb b***hes So im a bit pissed off
and chec....
Looking for hackers, hijack, half, million, sites, phpbb, forum, users, read
|
|
Searching Video's for hackers, hijack, half, million, sites, phpbb, forum, users, read
|
advertisement
|
|
