Reason for Forum being hacked
Reason for Forum being hacked
There was a worm going around looking for all forums that use the phpBB, it took advantage of a flaw in the phpBB code and messed up a lot of forums on the internet. There is more info on the phpBB site about this I believe.
-
WalterWzK
Thats right, santy's work. Santy is a worm that is capable of defacing a phpbb forums and writing itself into the forum for further infection of other forums.
Solution:
1. Create a SQL Backup of the forum wich cant be infected
3. Install a fresh new phpbb forum
4. Install the latest patch from www.phpbb.com
5. Put the SQL backup back in place
Also there comes a online tool that runs trough the phpforum toy would like wich checks for infection and replaces the infected files, one disadvantage: if those files where custom coded by this community the work is lost cuz it replaces the stuff with non-infectable standard files from phpbb
Solution:
1. Create a SQL Backup of the forum wich cant be infected
3. Install a fresh new phpbb forum
4. Install the latest patch from www.phpbb.com
5. Put the SQL backup back in place
Also there comes a online tool that runs trough the phpforum toy would like wich checks for infection and replaces the infected files, one disadvantage: if those files where custom coded by this community the work is lost cuz it replaces the stuff with non-infectable standard files from phpbb
Indeed, so far I know 5, yes 5 forums that have been hacked recently! One shut down their whole website, and project, because they thought it was a plot of somebody going against free software (possibly, ALL 5 of those sites were open-source projects!) although, why just the forums? Why would anybody go against free software!?!? So most likely, they all just happened to use phpBB, and they were all open-source project websites. Who knows? Yet, i'm confusing myself again... i've goto stop that... 
"Please do not read this quote. Thank you."
Very interesting, strange software exists today 
I've read this page, http://www.f-secure.com/v-descs/santy_a.shtml, and I still think we were hacked by just some bored script kiddies. First, because the defaced they forum and posted the name of their hacking-group on it, and second, because the virus was first discovered on Dec.21, but the forum was hacked weeks before.
I've read this page, http://www.f-secure.com/v-descs/santy_a.shtml, and I still think we were hacked by just some bored script kiddies. First, because the defaced they forum and posted the name of their hacking-group on it, and second, because the virus was first discovered on Dec.21, but the forum was hacked weeks before.