# Hack Attempt



## Jae (May 6, 2002)

Please bear with me, we have had a hack attempt this evening on the site, and Im patching the software (PHPBB) to resolve the issue.

Regards

Jae


----------



## jdn (Aug 26, 2002)

[smiley=thumbsdown.gif]

Still 55JWB, SaulTTr and myself are not going [smiley=dizzy2.gif] then!


----------



## Jae (May 6, 2002)

Right, Ive had to upgrade the software, which has lost the calendar (for the moment), but rather that than a hack.

Thnaks to those of you who notified me.

Regards

Jae


----------



## jdn (Aug 26, 2002)

Swift work Jae.


----------



## Jae (May 6, 2002)

Hope so!!!

Jae


----------



## SaulTTR (Apr 30, 2003)

Well done old boy [smiley=dude.gif]


----------



## Jae (May 6, 2002)

Site and dB now upgraded to 2.0.11 which is the release that solves these hack probs.

All should be well, KMP and I have looked and it seems ok 

Cheers

Jae


----------



## NykS5 (Aug 20, 2004)

And I thought it was me!!


----------



## digimeisTTer (Apr 27, 2004)

Is this the problem i had late last night @ home. I logged on looked at a coupla posts and then all of a sudden when i tried to access some new threads it came up with an information post but i couldn't see any threads?


----------



## NaughTTy (Jul 9, 2003)

I've noticed the upgrade - there is now a confirmation page on submitting a reply and it goes back to the message instead of the index. Definitely an improvement


----------



## Kell (May 28, 2002)

is this the reason why the gallery is now not letting me in?

Goes to a blank screen...


----------



## MacBuff (Aug 11, 2004)

Jae said:


> Site and dB now upgraded to 2.0.11 which is the release that solves these hack probs.
> 
> All should be well, KMP and I have looked and it seems ok


We have noticed a hack attempt directly to MySQL, not via the phpBB forum.

The hack appears to remove the root userid access to the MySQL databases, and generally messes around with the system..

John


----------



## KevinST (May 6, 2002)

NaughTTy said:


> I've noticed the upgrade - there is now a confirmation page on submitting a reply and it goes back to the message instead of the index. Definitely an improvement


The removal of the confirmation page was a mod that I installed when the site first moved from YaBB to phpBB as many of the beta testers got fed up of the confirmation message.
JHae's got the (long) list of modifications that I did to the forum when we moved to phpBB - I expect (when he has the time) that he'll try to add those that he thinks are useful back to the new system.



MacBuff said:


> Jae said:
> 
> 
> > Site and dB now upgraded to 2.0.11 which is the release that solves these hack probs.
> ...


phpBB ver 2.0.6 (the version the forum had been running) had quite a few vulnerabilities. Unfortunatly it appears that someone found a couple of really nasty vulnerabilities in all versions upto and including 2.0.10. 
I've helped create and convert quite a few phpBB installations since doing this one for Jae - almost all those that I heled set up have been hacked recently using the recently found vulnerabilities. 2.0.11 hopefully fixes all those that are known about (until more are found... unfortunatly even open source applications have security vulnerabilities in them :? ).


----------

