Board Hacked!

Admin announcements regarding this board.
Post Reply
Message
Author
User avatar
issinoho
Site Admin
Posts: 201
Joined: Tue Feb 01, 2005 12:53 am
Location: Scotland
Contact:

Board Hacked!

#1 Post by issinoho »

As some of you have already noticed, this site was hacked
on Tuesday and the posts were all deleted and replaced by a hacker's
signature.

I've spent most of the time since, (a) restoring the data, and
(b) trying to find out what the hell happened.

As to the latter, a combination of MySQL and Apache logs revealed a scripted
attack at 19:33 on the 27th which exploited a vulnerability in phpBB (the
bulletin board system the site is using) to gain Admin access. The version
of phpBB being used by VAMP (2.0.11) was a little aged and I had been lax in
keeping it patched so maybe I had this coming!

For the full skinny on the attack method take a look here,
http://www.frsirt.com/english/advisories/2005/0212 and here,
http://www.frsirt.com/exploits/20050314 ... xp.cpp.php .

I've now (obviously) patched phpBB to the latest version and VAMP is now
back up & running again. Apologies if you've lost posts or your account -
I'm still working on getting these back.

A scan of all relevant accounting and event logs has satisfied me that no
compromise was made at an Operating System level - not that I had any
doubts.

So, a word of warning if you are running phpBB (on any system) - make sure
you're running at least version 2.0.13

Post Reply