Full Version: Board Hacking
Zeoran
My apologies again, but again the board was hacked.

I have restored the db again (more recent backup) and the files and got it back up and running.

Now here's the thing. I am nearly 100% positive that the hackers are exploiting a security vulnerability in IPB 1.2. But the only way to eliminate it is to upgrade to the latest version of IPB. Unfortunately, IPB is no longer free and would cost $185 to get a lifetime site license, which is $ I don't have.

I have an account with paypal, schamber@zeoran.com. You can go to my guild website at www.guardianbrotherhood.org and find a donation link on that site if you wish to help support this one (I run all my sites off one webhost account). If I get the $185, then I will purchase a lifetime site license from IPB and upgrade the forums IMMEDIATELY. Any money over that amount will be used to help pay the monthly costs associated with simply hosting and running the site. I hate to ask for money, but it's the best, if not the only, way to keep the site running safe and secure. I'd front it myself, but I simply don't have any leftovers after covering my own living expenses and being a single father.

In the meantime, I will do all that I can to keep the site running with as little downtime as possible, including daily backups of the sql database.

My apologies once again for all the downtime. I've tried my best to keep it to a minimum.

~Z
robvdb
Hi Zeoran,

my contribution is done, use it well

Payment Information

You have sent a secure payment of $5,00 USD for the items below. This credit card transaction will appear on your bill as "PAYPAL *GUARDIANBRO". You will receive an email receipt for this transaction shortly.

Amount: $5,00 USD
Item Title: contribution to help stop hacking The CD Forum

Contact Information

Business Name:
Guardian Brotherhood
Contact Email:
zeoran@guardianbrotherhood.org
Contact Phone:
888-488-6655
fafot
@Zeoran

I sent you an equivalent of $7.74 USD in AUD by PayPal. Hope it will help to eliminate the lonely guy...

All the best
fafot
SnackBoule
@Zeoran,

Like others, my contribution is done, use it well

Amount: $5,00 USD
Item Title: contribution to help stop hacking The CD Forum
infirmus
Could you search Google for the specifics of the vulnerability and find out more about it and try to patch the php files yourself?
Zharif
I've done my part too!
I donated a little bit via entrance of www.guardianbrotherhood.org!

Hope others will do so too!
bazz
Just had a nasty thought after donating. What if this is a scam by the hacker! Are we sure that the money is going to the right place?
d4vr0s
bazz poses a good question. I hope this is legitimate.
It's been a very long time since I've used my paypal account, and discovered that it's been limited until I get a code via snail-mail.
Once that's resolved I'll also donate.
teletom
All right!

I have sent two $7.77 via paypal. It's worth the trouble.

Regards,
Teletom
philon
Sent $ 5.00
! Thanks for your effort, zeoran !
philon
Jcp219
My $20 is in as promised!
SteelTrepid
Great support guys, I wish I could afford to donate. At the moment I'm trying to get the funds up myself for my board so I don't have to worry about being hacked.
n6yga
Zeoran:

I just sent a Paypal Payment of $50.00 US.

I, for one, am sick of the little freaks who get off hacking this board! LEAVE US ALONE spifflenutsERS!!!


Mark.
(Yeah, I'm annoyed...)
sherpya
I don't like non-free forums; anyway, it is a good idea to help somehow since we are all using this forum
JonF
My $10 is sent.
d4vr0s
I've just received an email from paypal stating that they've straightened me out.
$20 on its way.
hilander999
My donation is in

@ALL
It's a good thing that the people using this forum are helping to support it.
I certainly don't like the downtime. It's like going through withdrawals.

Us insomniacs need something to do.
Bart Lagerweij
Hi Guys,

You can stop filling the jar.
I estimate that there is at least $350 in it now...
The license is being purchased....

Regards,
Bart.
Zeoran
As you will have likely noticed by now, the new software is installed and should be working fine.

I'm sorry for all the inconvenience and offer my tremendous thanks to those who helped and invested into the site to make this happen.

The donation link will continue to be up on my website at www.guardianbrotherhood.org (left-hand column) in case you still wish to help donate to the ongoing maintenance costs of the site.

Thank you for your patience and contributions.

~Zeoran
Joshua
QUOTE (Zeoran @ Jun 2 2005, 06:42 PM)
As you will have likely noticed by now, the new software is installed and should be working fine. 


thank you very much Zeoran.
it is working fine.
i hope, all like the new design.

Joshua
Zharif
That was fast Zeoran!
Thanks much - I like the new design!
robvdb
hopefully this time those idiots stay away.

@zeoran,

thanks for the prompt update.
pifpof
@zeoran,

thanks a lot for that fast update! The design is ok but the most important thing is that there will be no hack by any idiot in the future

So I got my fingers crossed
SnackBoule
Yeah ! Thx a lot

SnackBoule
The BlackBull
Thanks to zeoran and all the people that contributed to keeping this forum alive. My best regards to all of you!!!
hilander999
With any luck this version is not as vulnerable as the old one.

QUOTE
the most important thing is that there will be no hack by any idiot in the future
Let's try not to challenge these morons, there always seems to be a flaw somewhere.
The last thing we need is them screwing with us because someone said it could not be done.

& a big THANK YOU to ZEORAN & everyone that helped pay for the update.
bazz
Glad my fears that the donations may have been a scam by the hacker were unfounded. They probably wouldn't have the brains to come up with such a thing anyway.
fafot
Thank you Zeoran. It looks better too!
SteelTrepid
Glad to see this forum updated also. Great support from the users of BPE and this forum!! We should be secure now.
S@M
Thank you for a new forum, only there is no enough logotype

S@M
infirmus
Hey, Nice!! That was extremely fast! Thanks heaps to everyone who contributed.
hilander999
QUOTE (S@M @ Jun 2 2005, 06:00 PM)
Thank you for a new forum, only there is no enough logotype

S@M

This is a good point...
Can we have the old logo back?
WinCC
Could we maybe have a "favicon" ?
infirmus
OMG look at the forum title! "Hacked by SanyaX".

[edit]
Zeoran - it's not the database that's being hacked, is it?
infirmus
Since our hacker so kindly posted his ICQ number I had a chat with him.
Every so often he blurted out some Russian, so I translated it with babelfish (not very good results)
==========
infirmus (4:02 PM) :
not me
SanyaX (4:02 PM) :
I CHTO
SanyaX (4:02 PM) :
I DONT NO
SanyaX (4:02 PM) :
I RUSSIA
infirmus (4:02 PM) :
im a member at the 911 CD Forum, which u supposedly hacked
infirmus (4:03 PM) :
http://www.911cd.net/forums/
infirmus (4:03 PM) :
What do u mean "I RUSSIA"? Are u trying to say that u are Russian?
SanyaX (4:03 PM) :
yes
SanyaX (4:04 PM) :
good bye
infirmus (4:04 PM) :
So what
infirmus (4:04 PM) :
Y do i care if ur russian
SanyaX (4:04 PM) :
yes
SanyaX (4:04 PM) :
netpartizans
SanyaX (4:04 PM) :
hack-team
infirmus (4:04 PM) :
and y would u want to hack the 911 cd forum?
SanyaX (4:05 PM) :
good bye
infirmus (4:05 PM) :
hello
SanyaX (4:05 PM) :
good bye
SanyaX (4:05 PM) :
мне yt rjulf lehf ,kz t,fyfz (to me yt rjulf lehf.kz t.fyfz)
infirmus (4:05 PM) :
are u going to tell the forum admin what is wrong with the site?
SanyaX (4:05 PM) :
мне не когда дура бля ебаная (to me not when the fool of blya is ebanaya)
infirmus (4:06 PM) :
that doesnt mean much to me
infirmus (4:06 PM) :
are you 13?
SanyaX (4:06 PM) :
15
infirmus (4:06 PM) :
likely
infirmus (4:06 PM) :
what is wrong with the forum?
infirmus (4:06 PM) :
how do u hack it
SanyaX (4:07 PM) :
потом раскажу (then to raskazhu)
infirmus (4:07 PM) :
um, yesss... ok then..
infirmus (4:08 PM) :
you speak GREAT english
SanyaX (4:08 PM) :
good bye
SanyaX (4:08 PM) :
bad
infirmus (4:08 PM) :
i dont want to go yet
infirmus (4:08 PM) :
how do u hack the forum?
SanyaX (4:08 PM) :
Ну и иди на хуй сука (Well go to khuy of the bough)
SanyaX (4:09 PM) :
ipb.pl
infirmus (4:09 PM) :
in english?
SanyaX (4:09 PM) :
no
infirmus (4:09 PM) :
care to explain what u mean by ipb.pl?
SanyaX (4:09 PM) :
good bye
infirmus (4:09 PM) :
What exactly?
SanyaX (4:09 PM) :
Бля дура я тебя не понимаю вот и всё (Blya fool 4 you I do not understand here and all)
infirmus (4:10 PM) :
i cant speak russian
infirmus (4:11 PM) :
can u say that again in english?
infirmus (4:13 PM) :
you still there?
Bart Lagerweij
Invision Power Board v2.0.4 is also on the list of being vulnerable
See here: http://www.securityfocus.com/bid/13797/info

I found an IPB Security Update (10 May 2005), check here:

http://forums.invisionpower.com/index.php?...0&#entry1179287

Regards,
Bart.
infirmus
QUOTE (Bart Lagerweij @ Jun 3 2005, 06:59 AM)
Invision Power Board v2.0.4 is also on the list of being vulnerable
See here: http://www.securityfocus.com/bid/13797/info

Regards,
Bart.

An error has occured

Sorry, the database is currently unavailable, please try your request again shortly
cool400
@Zeoran

It seems like the board was hacked again by this f*cking little hacker-kiddy :-(

Maybe the link posted by Bart could close the security-gap...

Best regards

cool400
Bart Lagerweij
Hmm, that update was already applied.

http://secunia.com/advisories/15545/
Says:
The vulnerability is caused due to an error when deleting user groups. This can be exploited by a non-root admin to move users into the root admin group.

The vulnerability has been reported in version 1.0 through 2.0.4. Other versions may also be affected.

Solution: Only add trusted users as non-root admins

Bart.
Zeoran
Ok.. I think the cheese-dick was getting in through the main "Admin" user account, which they may have hacked the password for.

For now, I have removed everyone save myself from the admin usergroup and changed passwords AGAIN.

I've also reset the category titles to what I "think" they used to be. Please let me know immediately if I missed something or mis-titled something or if you notice anything missing or wrong.

I want to get this mess straightened out and put it all behind us.

Btw, the stupid poo left his ip address in the logs, so I WILL be utilizing ALL resources at my disposal to track his arse down and put it AFLAME.

~Z
Bart Lagerweij
@infirmus

Good that you "talked" with the guy...

Actually he gave us the answer we wanted...

You asked him: how do u hack the forum?
He said: ipb.pl

What he means is that he used an exploit script called "ipb.pl"
h**p://www.xfocus.net/tools/200501/ipb.pl

Regards,
Bart.
Bart Lagerweij
I tried the exploit script, I think it does not work anymore.
Also, the script is called "Invision Power Board v2.0.0 - 2.0.2 sql injection exploit"; could we assume that 2.0.3+ are not exploitable?

Maybe the hacker used the exploit when we were running the older IPB version and we "forgot" to change the admin password when upgrading to 2.0.4

Regards,
Bart.
Bart Lagerweij
@Zeoran

QUOTE
I've also reset the category titles to what I "think" they used to be. Please let me know immediately if I missed something or mis-titled something or if you notice anything missing or wrong.


911cd/BartPE Forums -> The CD Forum
Main -> 911 CD
BartPE -> Bart's PE Builder

Regards,
Bart.
Zeoran
Changes are done. Sorry about the mixup.

I think we finally have things locked down. Time will tell. I have some extra resources in place to help keep track of things. In the meantime, this is the log of what he did:

CODE
Admin Removed forum '911 Rescue CD' Jun 2 2005, 10:13 PM 195.112.226.164
Admin Forum 'my site is http://www.neverlands.ru/cgi-bin/go.cgi?uid=294247' edited Jun 2 2005, 10:12 PM 195.112.226.164
Admin Forum 'my icq is 320145740' edited Jun 2 2005, 10:10 PM 195.112.226.164
Admin Forum 'Hacked by SanyaX' edited Jun 2 2005, 10:09 PM 195.112.226.164


The only part that worries me is the first line, that he actually DELETED a forum. Can anyone confirm if this is true?

If it is, then getting it back would be extremely difficult, at best. The only backup I have is pre-upgrade, so the only copy of that forum is pre-upgrade. Anyways, let me know gang and I'll do what I can.

Sorry again for any inconvenience.

ps - I know the banner logo doesn't match now, I'll work on it. :-)

~Z
hilander999
It looks like he deleted(?) quite a bit of the forum...

The following sections are EMPTY...
QUOTE
No topics were found. This is either because there are no topics in this forum, or the topics are older than the current age cut-off.
911CD= general - Requests & Contribution - Troubleshooting & Problems
Modboot= Modboot Framework - Network Bootdisk
Corporate Modboot Subforums= General - Requests & Contribution -Troubleshooting & Problems
General= Rest of the World

THIS REALLY SUCKS!
infirmus
I can see all the forums and they still have all the posts in them...

[edit] ah I see what u mean, only the sections u listed are missing...
The bartpe section that I mainly use is still there. (phew)

[edit2] it seems that the actual threads might still be there, just the references are removed from the category list. If you click on the last post next to each category it still loads up..
regman
QUOTE
Since our hacker so kindly posted his ICQ number I had a chat with him.
Every so often he blurted out some Russian, so I translated it with babelfish (not very good results)
==========
infirmus (4:02 PM) :
not me
SanyaX (4:02 PM) :
I CHTO
SanyaX (4:02 PM) :
I DONT NO
SanyaX (4:02 PM) :
I RUSSIA
infirmus (4:02 PM) :
im a member at the 911 CD Forum, which u supposedly hacked
infirmus (4:03 PM) :
http://www.911cd.net/forums/
infirmus (4:03 PM) :
What do u mean "I RUSSIA"? Are u trying to say that u are Russian?
SanyaX (4:03 PM) :
yes
SanyaX (4:04 PM) :
good bye
infirmus (4:04 PM) :
So what
infirmus (4:04 PM) :
Y do i care if ur russian
SanyaX (4:04 PM) :
yes
SanyaX (4:04 PM) :
netpartizans
SanyaX (4:04 PM) :
hack-team
infirmus (4:04 PM) :
and y would u want to hack the 911 cd forum?
SanyaX (4:05 PM) :
good bye
infirmus (4:05 PM) :
hello
SanyaX (4:05 PM) :
good bye
SanyaX (4:05 PM) :
мне yt rjulf lehf ,kz t,fyfz (to me yt rjulf lehf.kz t.fyfz)
infirmus (4:05 PM) :
are u going to tell the forum admin what is wrong with the site?
SanyaX (4:05 PM) :
мне не когда дура бля ебаная (to me not when the fool of blya is ebanaya) I got (To me not when a silly woman blja ebanaja)
infirmus (4:06 PM) :
that doesnt mean much to me
infirmus (4:06 PM) :
are you 13?
SanyaX (4:06 PM) :
15
infirmus (4:06 PM) :
likely
infirmus (4:06 PM) :
what is wrong with the forum?
infirmus (4:06 PM) :
how do u hack it
SanyaX (4:07 PM) :
потом раскажу (then to raskazhu)
infirmus (4:07 PM) :
um, yesss... ok then..
infirmus (4:08 PM) :
you speak GREAT english
SanyaX (4:08 PM) :
good bye
SanyaX (4:08 PM) :
bad
infirmus (4:08 PM) :
i dont want to go yet
infirmus (4:08 PM) :
how do u hack the forum?
SanyaX (4:08 PM) :
Ну и иди на хуй сука (Well go to khuy of the bough) I got (Well also go on huj suka)
SanyaX (4:09 PM) :
ipb.pl
infirmus (4:09 PM) :
in english?
SanyaX (4:09 PM) :
no
(I would like to point this out... When I did a search for ipb.pl it was not in english...)

infirmus (4:09 PM) :
care to explain what u mean by ipb.pl?
SanyaX (4:09 PM) :
good bye
infirmus (4:09 PM) :
What exactly?
SanyaX (4:09 PM) :
Бля дура я тебя не понимаю вот и всё (Blya fool 4 you I do not understand here and all) I got (Blja a silly woman I do not understand you here and vs)
infirmus (4:10 PM) :
...


I posted what I got next to what he got.

thanks
REGMAN