Hacking Attempts

[Dan]

We have been geting alot of hacking attempts agisted the phpbb part of our code in the last 24 hours. Noramly we get a few perday but it has jumped to one or two a min. Becues of this i will be banning all ips that send an atack sting at our fourm. As far as i can tell no users are from thess IPs but if you get a message like this:

Quote:

Forbidden

You don't have permission to access /v3/index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.58 (Gentoo) mod_ssl/2.0.58 OpenSSL/0.9.8d PHP/5.2.2-pl1-gentoo mod_watch/4.3 Server at compsci.ca Port 80

contact me ASAP (tho if you are geting that message you probly can not see this.) There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them, however they eat up neeedless bandwith and mess with the user stats so i will be blocking them at the webserver level.

[crash-hack]

Good morning admininstrator, I'm crash-hack from Italy.
I didn't attack this site and I didn't login to admininstrator.

But the bug is on the mod links, it's vulnerable of a sql injection attack...

Please disable it...Don't worry, I don't login with admin account, but I only find the misterios bug and I love help admin...

For question please contact me:

crash-hack@hotmail.it
www.hacktime.altervista.org



PS: I love Montreal...

[Mazer]

Montreal is pretty freaking awesome, I like this guy.

[crash-hack]

Thanks much brother...

[Dan]

Dan @ 22nd September 2007, 3:05 pm wrote:

There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them......

If you blive i am wrong in this stament could you provied more information about the expolite? I blive you are incorect in your asumtion about what this site is running :p

[crash-hack]

I don't understand what you say.

But I only say that the site is vulnerable, and I have hash ofthe user with id 1.
I don't hack it because the password is difficult to crack, but I always can log in with an cookie generator.
This is your hash: (It's cut, don't worry )

Quote:

http://compsci.ca/v3/
BUG MOD LINKS PHPBB
User ID Number: 1
MD5-Hash is: fd9a5217de***********0cdb093

Please, disable the links mod, there are many lamers on the net...

I look into the whois of the site and I have saw that this site is hosted on a private server.
But on phpbb there is a bug on restore database and I can change a script of the avatar control and I can upload a php shell

So, check the system of this site, you must get a new phpbb.

Sorry for my english...

[crash-hack]

Dan @ Sat Nov 24, 2007 1:48 pm wrote:

Dan @ 22nd September 2007, 3:05 pm wrote:

There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them......

If you blive i am wrong in this stament could you provied more information about the expolite? I blive you are incorect in your asumtion about what this site is running :p

Sorry, now I will send the link of the source of this famous exploit...

[Tony]

crash-hack @ Sat Nov 24, 2007 2:57 pm wrote:

So, check the system of this site, you must get a new phpbb.

This site isn't running phpbb. We just use crappy mods. Dan?

[Dan]

crash-hack @ 24th November 2007, 2:57 pm wrote:

I don't understand what you say.

But I only say that the site is vulnerable, and I have hash ofthe user with id 1.
I don't hack it because the password is difficult to crack, but I always can log in with an cookie generator.
This is your hash: (It's cut, don't worry )

Quote:

http://compsci.ca/v3/
BUG MOD LINKS PHPBB
User ID Number: 1
MD5-Hash is: fd9a5217de***********0cdb093

Please, disable the links mod, there are many lamers on the net...

I look into the whois of the site and I have saw that this site is hosted on a private server.
But on phpbb there is a bug on restore database and I can change a script of the avatar control and I can upload a php shell

So, check the system of this site, you must get a new phpbb.

Sorry for my english...

So many things wrong with this:

1. we do not have a user with an id 1
2. we do not have a hash in our database matching that string (i put wild cards in for the *s)
3. my user id is not 1
4. the coest user id to 1 is -1 and that user does not have a hash as it is a speahal user.
5. the other user id closest to 1 is mine and it does not have that hash


So for the link mod expolite, it cleary does not work.

Not shure about this avtar thing but i will have to look in to it more to see if you are full of it or not (you lost some creditbilty with me with that fake hash stunt).

tony wrote:

This site isn't running phpbb. We just use crappy mods. Dan?

We started with a very moded copy of phpbb and then moded it even more, so it once was phpbb but no longer compbtial with anything phpbb inlcuding (lucky for us) alot of phpbb exploites. And yes we do have some crapy mods running with could have expolites, however i am prity shure i fixed the link mod.