Hacking attempts...

General discussion of anything. Discuss a topic in and out of IntegraMOD

Moderator: Integra Moderator

Hacking attempts...

PostAuthor: sanji » Mon Aug 28, 2006 5:36 am

Everybody here noticed that many forum using Integramod have been attacked recently, and several members lost their site.

When checking my own ACP, I was astonished to see that many visitors came on my forum after searching the following in google or msn:

- /search?q=Powered+by+KisMod
- /search?q=+%22Powered+by+integramod
- /results.aspx?q=Powered+by+IntegraMOD

More than 20 just for the last 24 hours!

Which gave me an idea that I can unfortunately not implement by myself: what about automatically baning visitors that reach our forum while searching those keywords?

This could be a very efficient way to limit the risk of an attack...

Any comment welcomed.

sanji
Last edited by sanji on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
[img]http://www.secret-japan.com/forum/images/banners/fuji%20secret-japan%2088x31.gif[/img] [url=http]Secret Japan[/url] : discover Japan off the beaten tracks

sanji
Sr Integra Member
Sr Integra Member
 
Posts: 291
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 12, 2006 9:18 pm
Cash on hand: 0.00
Top

PostAuthor: Michaelo » Mon Aug 28, 2006 4:05 pm

We have some think else planned for this that will remove the search result... <img>
Last edited by Michaelo on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 6:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland
Top

Re: Hacking attempts...

PostAuthor: BMD » Tue Aug 29, 2006 5:41 am

I have been hit 4 times in as many days.

I had my site backed up so I have not lost any data, but it is a pain to spend time reconstructing the site each time.

I have stripped the integramod folders and started clean... I have started with a fresh DL from here..... I have changed passwords (different for FTP, MySQL, my host account and my admin account....

nothing matters...they still get in.

I am going to try starting with phpbb2.0.21 and add work from there.

Is there a version of IM that has the 2.0.21 already incorporated?
Last edited by BMD on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BMD
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Thu Aug 24, 2006 5:12 am
Cash on hand: 0.00
Top

PostAuthor: Michaelo » Tue Aug 29, 2006 6:03 am

We are working on a phpBB to IntegraMod 1.4.0 update which includes 2.0.21 and security updates... More later.

In the mean time check the security forum (second post) for latest updates... these must be instaled!

Mike
Last edited by Michaelo on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 6:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland
Top

PostAuthor: jwernerny » Tue Aug 29, 2006 6:40 am

"BMD";p="14454" wrote:I have stripped the integramod folders and started clean... I have started with a fresh DL from here..... I have changed passwords (different for FTP, MySQL, my host account and my admin account....

nothing matters...they still get in.


The hacking script, c99 shell, also has the ability to cross-infect on a shared server. The best defence against this kind of attack is to change your folder names. Simply changing the root of the forum from "..../forum" to "..../<another_name>" will be a big help. You can redirect web access to the new folders using your .htaccess file.

- John
Last edited by jwernerny on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
User avatar
jwernerny
Members
Members
 
Posts: 87
Likes: 0 post
Liked in: 0 post
Joined: Wed Apr 12, 2006 4:58 am
Cash on hand: 0.00
Location: Fairport, NY
Top

Re: Hacking attempts...

PostAuthor: BMD » Tue Aug 29, 2006 7:11 am

Hi John

Already tried using other folder names.

Also use mixed characters in passwords... alpha (upper and lower case) and numeric.

Thanks though for the suggestion.

I also am working on image links to replace the text in the overall footer.
with names that have nothing to do with phpBB ot IM to stopgap the search till his can be ironed out.
Last edited by BMD on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.

BMD
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Thu Aug 24, 2006 5:12 am
Cash on hand: 0.00
Top

PostAuthor: Michaelo » Tue Aug 29, 2006 7:55 am

BMD, Helter has already finished this details later...
Last edited by Michaelo on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 6:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland
Top
Return to General Discussion

Who is online

Registered users: Google [Bot], Unspecified Bot

  • All times are UTC - 8 hours [ DST ]
It is currently Thu May 16, 2024 8:36 am

IntegraMOD® is Powered by phpBB® Forum Software © phpBB Group
Support Ukraine
support Ukraine