Joined: May 25, 2003 Posts: 4752 Location: Santa Barbara, CA
Posted: Mon Aug 16, 2004 9:59 am Post subject: Hackers took out phpbb
OK, so as per the norm, the day after I go away on vacation some silly hackers took down the phpbb system. I reverted back to the most recent backup of the entire db, so chances are that the august posts are gone.
I really have no clue why script kiddies love hacking this server. Go attack microsoft you asshats and leave the volunteers here alone. No one appreciates your 'skills' and you'll never be able to use them to find a real job...spend your time doing something productive instead.
Joined: Sep 18, 2003 Posts: 434 Location: London, UK
Posted: Mon Aug 16, 2004 10:40 am Post subject: Re: Hackers took out phpbb
Perhaps they work for Microsoft!
Anyway shame to see it happen and also to lose all those posts, but glad it is back to something more normal... and welcome back from your hols. _________________ PBG4, 1.5GHz, SuperDrive, 1GB RAM, 128MB VRAM, 5400rpm 80GB HD, MacOS X 10.4.5
I was so happy to see a full, unhacked Trinity when I came back today. It's got me happier than the Krispy Kreme opening in Dupont Circle next week! (It's a Southern thing for those of you [y'all] not familiar )
That having been said, I see that the version of phpBB running in the nuke module 2.0.4; the current version is 2.0.10 and apparently everything after 2.0.5 has been a release that fixes only security holes!
Dunno if the nuke module version has been updated to support 2.0.10, but perhaps it's something to look in to when you get the time....
Anyway, hope you had a good vacation, Ed. Thanks again for running this (and everything else OOo/Neo)!
Joined: May 25, 2003 Posts: 4752 Location: Santa Barbara, CA
Posted: Mon Aug 16, 2004 8:20 pm Post subject:
Oh yeah, I had a great vacation...over 3k miles of driving but I got to spend multiple days camping and backpacking in Glacier, Yellowstone, the Tetons, beautiful drives through Wyoming, etc. It was actually the first time in over a year that it was over a week and a half between me turning on a computer If I had, trinity would've been fixed near instantaneously
I can go back and try to recover those posts, but yeah my first order of business will be to go through and look at the security patches again. The versions of things on the server are only partially indicative of what's actually here as I've done quite a bit of manual application of security patches without changing the version. I'll definitely check into the newer versions.
Still, this was the most destructive script kiddie yet. At least the other ones had the common decency to just smat their shout outs on pages. This one felt it necessary to delete things
Deep down in my heart I hope someday he'll be rudely awoken from dreams of gingerbread houses by an otter masticating his nutsack while a wino mariachi band covers Rocketman through a pair of megaphones strapped to his skull.
Joined: May 25, 2003 Posts: 4752 Location: Santa Barbara, CA
Posted: Wed Aug 18, 2004 7:08 am Post subject:
Oh dude, if you have time and can minimally keep track of security updates that'd be nifty! I still haven't put nukecops or the phpbb security sites on my "daily reading" list though I'll have to do that. This latest one was interesting since it was only affecting the phpbb portion...all past attacks went straight for the nuke.
I don't think switching systems would really help since we're going to have security problems with anything that's up. These days, once something is up people will try attacking it. I could restrict browser access to only let MacWWW through....
I was so happy to see a full, unhacked Trinity when I came back today. It's got me happier than the Krispy Kreme opening in Dupont Circle next week! (It's a Southern thing for those of you [y'all] not familiar )
That having been said, I see that the version of phpBB running in the nuke module 2.0.4; the current version is 2.0.10 and apparently everything after 2.0.5 has been a release that fixes only security holes!
Dunno if the nuke module version has been updated to support 2.0.10, but perhaps it's something to look in to when you get the time....
Anyway, hope you had a good vacation, Ed. Thanks again for running this (and everything else OOo/Neo)!
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum