Irrlicht Forum has been hacked

niko
Site Admin
Posts: 1759
Joined: Fri Aug 22, 2003 4:44 am
Location: Vienna, Austria

Post by niko »

I just sent this mail to all users, but just in case your spam filter blocked it ;)
I'm also going to put this on the front page of irrlicht.sf.net.

Few hours ago, the Irrlicht Engine forum has been hacked. I don't know exactly what and how they did this, but it seems that they only changed the forum frontpage. I restored it, upgraded to a newer version of the forum and changed some passwords. That's the only thing I can do. I'm sending you this mail to let you know that they maybe also got your user account password and that it may be insecure now, please change it.
From my personal point of view, I cannot understand why anybody would hack an open source project website like Irrlicht. I am doing this for free, and in my spare time, of which I currently don't have a lot. I thought hackers have some honor, but obviously I was wrong here. The Irrlicht website isn't the only 3D engine project which has been hacked recently: The one of Purple# (www.bunnz.com) is another example. I'm not pleased at all. Hey guys, if you want to stop people from creating great free and open source software, you are on the right way.

Niko.
vermeer
Posts: 2017
Joined: Wed Jan 21, 2004 3:22 pm

Post by vermeer »

I don't understand it either... hacking an uber powerful capitalist company, or oppressive government, I could understand it, but heck, an open source project... crazy world...

Well, I have no mail from you nor even in bulk. I suppose you referred to those with problems... Anyway, changed now the password...
Finally making games again!
http://www.konekogames.com
gbjbaanb
Posts: 5
Joined: Sat Oct 09, 2004 3:32 pm

Post by gbjbaanb »

I can understand postNuke being hacked - it is notoriously open to PHP exploits. However, Irrlicht's forum...

Have a look at this link, which has a description of the vulnerability with phpBB2 up to version 2.0.11

http://forum.plesk.com/showthread.php?s=&threadid=19529

As for being hacked - everyone gets hacked at some point, and hackers do it just for the peer kudos they get (there are sites where hackers boast how many sites they've defaced); it's just a game for them. Be thankful they just defaced the frontpage, which was easily restored.
dingo
Posts: 95
Joined: Tue Mar 09, 2004 5:02 am
Location: Brisbane, Australia

Post by dingo »

Wow, what sort of complete degenerate is the idiot who hacked this phpBB?

I know how annoying and frustrating it must be for you Niko. All I can say is remember that the hundreds (thousands?) of people who love Irrlicht as much as you are equally as angry at this idiot as you must be.

I'd also like to remind you how thankful we all are that you made and maintain Irrlicht and hopefully the thanks of hundreds (thousands?) of people will condemn the act of one moron wannabe hacker into the deep recesses of the dark unknown for you.

Also it is worth remembering that if the hacker keeps "hacking" on he will eventually be caught, hopefully the dummkopf's actions here at Irrlicht will have exposed him that little bit more and he is closer to getting caught.

Keep up the good work Niko and don't let this incident detract from your great work
-= Want your C code to control real life robots? www.users.on.net/~symes =-
Masdus
Posts: 186
Joined: Tue Aug 26, 2003 1:13 pm
Location: Australia

Post by Masdus »

Could be they were hacking the forum to access the email addresses of the users. On forums with large user bases these email addresses can be quite valuable.
knightoflight
Posts: 199
Joined: Sun Aug 24, 2003 5:47 pm
Location: Germany

Post by knightoflight »

Should the incident be reported at "Site security"?
http://sourceforge.net/support/getsuppo ... tesecurity
Isn't the forum hosted by SourceForge, and shouldn't they (or OSTG Inc) track the incident with the CERT (the US-CERT in Uni Pittsburgh?)?
gbjbaanb
Posts: 5
Joined: Sat Oct 09, 2004 3:32 pm

Post by gbjbaanb »

Just out of curiosity, the forum currently had 'powered by phpBB v2.0.6' at the bottom. The latest phpBB version (and the one not affected by the highlight injection vulnerability) is 2.0.11
firefly2442
Posts: 38
Joined: Mon May 31, 2004 7:55 am

Post by firefly2442 »

phpBB is very secure as long as you have the latest version. Well, I hope it doesn't happen again. Ruining open source software is just downright low. That's like hackers kicking themselves in the head. Probably some newb script-kiddie. :twisted:
niko
Site Admin
Posts: 1759
Joined: Fri Aug 22, 2003 4:44 am
Location: Vienna, Austria

Post by niko »

gbjbaanb wrote: Just out of curiosity, the forum currently had 'powered by phpBB v2.0.6' at the bottom. The latest phpBB version (and the one not affected by the highlight injection vulnerability) is 2.0.11

Yep, I simply didn't update the interface (html pages, templates & stuff), the code beneath the forum should be updated.
I wanted to report that hack to sf.net, but I didn't find the right link/form/email address. Maybe I was blind or something.
Bob

Post by Bob »

You need to run update_to_2011.php, which is located in the /install/ directory to update your mysql database to the newest version. That'll fix the notice at the bottom of the page to show the correct version.

If you got hacked by spykids, don't worry. They were just searching google for any websites that contained the line "Powered by phpBB: 2.0." and changing the mainpage with their little script. It was probably not personal.
Tyn
Posts: 932
Joined: Thu Nov 20, 2003 7:53 pm
Location: England

Post by Tyn »

Just out of curiosity, what exactly did they change/add?
niko
Site Admin
Posts: 1759
Joined: Fri Aug 22, 2003 4:44 am
Location: Vienna, Austria

Post by niko »

Ah, but maybe it would be a good idea to remove the version tag down there, so the hackers at least don't find this board via google. :)

What they did exactly: Replaced the frontpage with a text line, something like "<somegroupname> testing your security".