manpe Posted August 13, 2009

Hello

I have a problem with my forum, it's been taken down several times already by a hacker. It happened again today. Here is the link.

Now, I am not the caretaker nor the founder of the forum. I'm just an administrator. I have no access to the root of the forum, but I can be the messenger. What I'm asking is help from you - how to protect the forum later on?

And if somebody knows how, we (the forum users) would like to strike back somehow.. but since my knowledge in this area is far limited, I don't know how. If some of you know how to.. how should we say... beat the sense into this guy, then you can contact me here, through e-mail or MSN (ask in PM).

Seriously, at first it was funny. The second time it was dangerous (he uploaded porn and directed to a site containing a Trojan). Now is the third or fourth time and we're getting pissed. After all, some of our guys pay for the forum.

-EDIT-
If there is a better place where to post it, then please move it. Thanks.

Administrator DKT27 Posted August 13, 2009

I told you manpe. Install a site protection system. Or that sort of.

Basic: have you disabled uploading .php on your site?

manpe Posted August 13, 2009 Author

You promised to recommend me some protection system :P

Btw, how to enable safe mode? And is it necessary?

Toshiro Posted August 13, 2009

U should check this: http://blogs.techrepublic.com.com/security/?p=424 There are some tips that are interesting.

Also.. a paid one.. But maybe there are other ways :P : http://needsecure.com/ (friend recommended this one.. )

GL m8 :)

HX1 Posted August 13, 2009

Do you know how to trace back to the main account..? Have you looked at logs.. requests... ?

Have you tried to ban registration from the e-mail addresses? Filtered your site?...

What have you done thus far? What type of server..?

Have you upgraded to the most recent packages for your site? Most do come with updates that fix holes/vulnerabilities...

Just went to look .. Have you tried to update PHP versions lately?

In some cases the most recent version of PHP is not supported yet by the current site package.. this can cause many different errors.

Is this on a normal system?

I have seen this before.. mainly is the site still there for sure..?

EDIT: Clarification.. formatting..

Administrator Lite Posted August 13, 2009

The most important thing is to ensure all scripts and server software are up to date, this should help to address most security issues.

The next things we should look at are server settings and forum settings to ensure they are as "safe" as possible. If you send me a PM I can help you out more on this.

Additionally, it's better to report the user to their ISP when launching an "attack". Furthermore, what consists of this "hacking" in this case?

HX1 Posted August 13, 2009

Actually... looks like it's back..

manpe Posted August 13, 2009 Author

The site was put back up (as always, by the root admin).

BUT the former root admin dropped that forum, so I moved it to another host. The new address is pes.planet.ee, and we'll now wait and see if he comes back. I'm now the root admin.

Otherwise, my question still stands (how to make it safer).

@Heath - I'm VERY n00b at maintaining a forum. I didn't understand anything you said :D

HX1 Posted August 13, 2009

Okay well.. then we are all n00bs for life.. and everybody knows the minute you say .. "AHhh .. yeah that looks nice.. running fast.. I think I got it under control..." .. You just KNOW something is looking over your shoulder .. LOL so I say n00b for life.. plus it always allows me to feel better about making stupid mistakes..LOL.. oh and that's okay I can't read a word of what's on your site..LOL..

Okay my main question is what server are you running. Apache..Wamp.. XXAMP... what?

Next I am asking if someone tried to upgrade for instance from PHP 5.2.9 to PHP 5.3.. because I had an issue where I ran Joomla out of Wamp which included its own PHP ( 5.2.9 ).. I also had it installed for another Apache server for my made stuff.. and when I tried to upgrade it to 5.3.0.. everything went fine UNTIL.. the Environment Variable I had set in my system caused the Joomla installation to try to load PHP 5.3.. which gave me so many errors I couldn't see straight.. and I had no idea what it was because it didn't take effect until after I rebooted.. I thought .. everything was fine.

SOO when I tried it again the next time around it said something to the effect that a ton of DLLs were missing and when I loaded the site it stated that no connection could be made to the database.. Similar to the message I saw on yours.. but means nothing if none of this surrounded the problem you had..

BUT in short when it was over.. ULTIMATELY I found that Joomla does not yet currently support version 5.3 of PHP.. which caused the problem.. I uninstalled that and reinstalled 5.2.9... ( and that was installed in my system for another server altogether with no changes to the one it affected, I also found out it wasn't quite ready for the most recent version of the WAMP server either.. ) MySQL was back online everything was working fine afterwards..

Little things like this.. mixed with negative occurrences with people ..hearing about all of the vulnerabilities/hacks that are usually thwarted by keeping whatever version of forum you have up to date.. or server.. CMS.... when you have the mix.. without proper investigating and back-tracking it can send you to the wrong conclusion.. so like I was hinting at.. and Lite... above you should go about things in the correct manner.. cause sometimes it can be something simple..

SHOULD you find something of that nature, there is an avenue of taking action before you put your head on guillotine as well.

manpe Posted August 14, 2009 Author

Yesterday I tried to convert from the current phpBB2 to phpBB3, but this is what I get all the time during conversion.

For some reason the converter makes tens of those images/avatars/gallery/ directories till it clogs my FTP storage space (I can have max. 20 000 files). And before I started installing phpBB3, I set every CHMOD to 777.

PS I also asked about it in the phpBB support forum, but haven't got an answer yet. Maybe someone here knows about it?

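An audit for the two points raised so far in the thread (disabling .php uploads, and files set to 777), added here as an example that is not from any poster or from phpBB. The `UPLOAD_DIRS` list and the function names are assumptions; `images/avatars` is the path mentioned in the post above, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a forum web root for two things
# raised above: world-writable paths (chmod 777) and PHP files in upload dirs.
# UPLOAD_DIRS is an assumption; images/avatars is the path named in the thread.
UPLOAD_DIRS="images/avatars files"

# List files and directories any local user can write to (mode o+w, e.g. 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# List script files inside upload directories, where only images belong.
# '*.php.*' catches double extensions such as photo.php.jpg, which some
# Apache handler configurations still execute as PHP.
scripts_in_uploads() {
    for d in $UPLOAD_DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.php.*' \) -print
    done | sort
}

# Build a constructed sample tree (not real data) to try the checks on.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/images/avatars/gallery" "$t/includes"
    : > "$t/config.php"
    : > "$t/includes/functions.php"
    : > "$t/images/avatars/me.gif"
    : > "$t/images/avatars/gallery/shell.PHP"
    : > "$t/images/avatars/photo.php.jpg"
    chmod -R go-w "$t"
    chmod 777 "$t/config.php" "$t/images/avatars"
    echo "$t"
}

# Usage: sh audit.sh /path/to/forum   (no argument: nothing is scanned)
if [ $# -gt 0 ]; then
    echo "World-writable:";      world_writable "$1"
    echo "Scripts in uploads:";  scripts_in_uploads "$1"
fi
```

Paths listed by `world_writable` are candidates for tighter permissions, and anything listed by `scripts_in_uploads` should be inspected before it is trusted.
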
Administrator DKT27 Posted August 14, 2009

I don't exactly know the problem's root. But this is the proper tut to convert phpbb2 to phpbb3. Go here - http://www.siteground.com/tutorials/phpbb3...2_to_phpbb3.htm

manpe Posted August 14, 2009 Author

"I don't exactly know the problem's root. But this is the proper tut to convert phpbb2 to phpbb3. Go here - http://www.siteground.com/tutorials/phpbb3...2_to_phpbb3.htm"

It is the standard way of doing the conversion, and I tried it about 4 times yesterday. I also tried to do an "Offline conversion", but got stuck at one point.

Here is the offline tutorial: http://www.phpbb.com/kb/article/offline-conversions/

HX1 Posted August 14, 2009

Wish I could help I use Nabble.. for my private site.. but it's like got one post and it's mine ..LOL ( just easy LOL ) I never have actually been able to get my hands on phpBB.. ( Okay well I just went and downloaded .. and I will be .. ) Seems like the last time I looked it was going to cost to run it.. But who knows..

By looking at the documentation on the site it looks as though.. you may be going about the upgrade process the wrong way.

Like installing phpBB3 elsewhere and upgrading or migrating phpBB2 over to the location/install.. ( making sure you don't overwrite your config file.. THEN I think you FTP it. BUT Please if I am wrong someone correct me here..

The problem may be because you would want to eradicate the previous.. ( keeping a backup ) and then upload the new one. ( I hate all this why I like to run things off my own hardware )

manpe Posted August 14, 2009 Author

Heath, I followed phpbb's official tutorial word by word. I suspect something isn't in place in the phpBB2 installation, because I believe the image directory has been slightly modified there previously (eg. folder names are changed to Estonian and whatnot). Part of me doubts that it is the reason, but it very easily can be.

HX1 Posted August 14, 2009

I would agree, if something has been changed or something altered it may very well be.

manpe Posted August 16, 2009 Author

Ok, I've got phpBB3 up - big thanks to Lite ;) Without him I couldn't have done it.

It does seem more secure, better, more efficient. For now I'll leave the hacker problem behind for now, till and if he comes back.

Administrator DKT27 Posted August 16, 2009

So finally got it. What was the problem for transfer?

manpe Posted August 16, 2009 Author

According to Lite, the script timed out. I converted it locally, and it worked.

Archived
This topic is now archived and is closed to further replies.