Discussion in 'TW Questions/Comments' started by OnyxZ28, Dec 20, 2004.
Looks like someone hacked in.
Yeah, and it looks like they had to restore the board from backups... seems to be a day worth of posts missing.
Yup, I got a message about a webworm when I signed in.
Yeah, I first saw the message around 6pm EST. I hope TW addresses it on the site somewhere. And I hope they find the ******* SOB who did it.
That explains it....thought I was losing my mind. I knew I had put in a couple of posts recently and when I didn't see them in a thread I was trying to figure out if I had been dreaming or worse.
at lease I wasn't the only one... What did Happin an why? If it happins again I hope Tw alerts us Before it happins.
It's really hard to foresee this kind of hacking happening, Frodo, it's not like TW's going to have a "Hacker Alert Level" like the gov't does. I've a sneaking suspicion it's that spammer from www.tennis-world.org.
lol if in doubt, blame the spammer from Tennis World. BTW, does anyone else hate the fact that you can't copy and paste stuff from that site, or get pics etc.....?
Can't stress how important it is for TW to update the forums to 2.0.11. There are a huge variety of exploits that can be used to hack phpBB unless you upgrade to .11. If any admins are reading this please do it!! You also need to get your hosts to update php to 4.3.10. (you are currently on 4.3.2)
They can keep hacking the forums with ease until you upgrade to the latest versions of both.
It happened in the middle of my reading. I opened few threads to read offline, refreshed the board to find some more and there it was - imbecile's signature...
Yes, this was pretty freaky. I hope this idiot gets caught. Does anyone remember what that signature was?
I was just postin when it happened again! Pathetic creatures with tiny little penises hacked board again!
I'm really pissed. When someone can not make anything, he is destroying someone's elses work.
Yeah I saw that too--it was back up in 5-10 min though. Hopefully TW's staff is working to patch the board software.
Nobody is Hacking our board. It's a worm that affects the Highlighting function of certain PHPBB versions. We are working to fix this, hopefully this gets fixed permanently tomorrow. I will keep you all updated as I learn more about this. One thing I do know is this worm cannot affect our members/Users computers, it only affects certain files on our server.
Here is more info about this worm: http://news.zdnet.com/2100-1009_22-5500265.html
Well an update to 2.0.11 on phpbb and 4.3.10 on php will close all known vulnerabilities to both this worm and worms like it and all currently known hacking exploits (a huge number of which have been found between 2.0.6 and 2.0.11).
PS the board was indeed hacked, but by a mass worm instead of a single hacker. The vulnerability was a recent highly publicsed exploit that was closed in version 2.0.11, the santy worm exploited the hole to hack phpbb forums that werent updated, but used automation via google to search for "Powered by phpBB 2.0.10/2.0.9 etc etc" to find its targets.
The only thing I can say about someone who spends valuable time making a worm such as this is, "WHAT A WORM"!
We should have the death penalty for such creatures so we can rid ourselves of such stupidty!
Usually i'm mellow on here but this was just stupid, TW provides such a great place like this forum and these idiots have nothing better to do.
True, I want everyone to know that our board has not been singled out and hacked. This worm has affected over 40,000 boards, we were simply one of the unlucky 40,000 out of over 5 million sites that are still running 2.0.10 or below. This should be resolved on our end by thursday.
The person who spends valuable time to make such a worm probably argues he is doing a favor to the phpbb community by forcing them to produce a better product. Fortunately this was a rather harmless worm. If the author was more malicious, I am sure he could have baked up something far worse than this.
Glad you guys have a solution. Yes I read the story on ZD this morning about the worm affecting 40,000 boards. I was just aggrivated since this is my favorite place on the web, so it was annoying to have it hit close to home. Thanks for such a great board though, wouldn't be the same without it.
you can stop now, Scott, they gave you the agassi racket already:wink:
well, Tom "Mister Orange Alert" Ridge IS out of a job now...
Separate names with a comma.