UBB.Developers Forums UBB.threads 7 Development How Do I? Attacked! What now?

Hi--

My Board was attacked this weekend. My question is what do I need to do ***immediately*** to give me time to figure out what to do for a more permanent fix?

Threads version: 5.4.4php (I have yet to migrate to UBBThreads)

Discovery: I tried to login and my password had been changed.

Damage found so far: All Categories were renamed to "Admin - Lamer.Vladi - Rulezzz"

Clue: I have a new user registered 3 days ago, username Vladi.

Actions taken so far: banned username Vladi. Ran a site backup.

Is there a way I can tell what his ip address was? He made no posts under this username. I suspect banning him as a user is not much protection, so I would at least like to ban his ip host, pookmail.com, at least until I can figure out if this is the culprit. Not much protection because he probably has many e-mail addresses, even if he were to use a real one.

What else can I do short term to protect things?

Any advice as to a long term solution?

Thanks for your help!

We'll, short term protection: Shutdown the board and remove the scripts from your server. Banning IP or usernames won't protect you from such kind of attacks.

Long term solution:
Use a backup and upgrade it to the latest version of ubb.threads (and use the security mod published here) or use the latest beta version of ubb.threads.

Inform your ISP about the hack, so that they can have a look at the server and see if it has been compromised. If you're running a dedicated server, hire someone to do that for you.

Astaran--

Thanks for you very quick reply!

Well, I really don't want to shut it down, but will if necessary. How exactly to I go about shutting it down?

And how do I remove the scripts? Which scripts?

I'd guess I could change the file permissions for the forums directory of the site.... Am I close?

Although I have had this board for 4 or 5 years, I am definitely not a techie....

Thanks, Astaran!

I think you already managed it.
Download all files in your /forum subdirectory for backup purposes and delete the files on the server afterwards. You might want to upload a html site, explaining why the board is gone.

Yes, your actual forum data will be safe once you do that. Then upload a clean copy of your current forum files (5.4.4php) and upgrade immediately and delete any leftover old files once that is done.

We as site owners should understand that the minimum we must do when running a site is keep the software running it updated to current versions - it's the only way we have any chance of keeping our sites secure. Exploits will crop up still (meaning we'll have to update once the update is available), but your current files have security holes that have been widely known for years We can't force people to upgrade, but you are finding out what kiddie hackers can do now that school's out.

Astaran and Allen--

Thanks for the quick replies.

[]Then upload a clean copy of your current forum files (5.4.4php)[/]

Where do I find one of those, assuming I cannot find it in my backups from years ago.

Don't you fall under infopop's agreement with those who ran the old wwwthreads software? You can upgrade to the latest software for something like $32 - you'd be crazy not to

Allen--

Yup, I do, and I renewed last October or so, so I can still download, I think, if I can remember where to go and what the password was.

But in any case, my question was where to find a copy of 5.4.4 if I cannot locate mine, if anyone knows?

Thanks, Allen!

I may have it on an old workstation, the best place to check tho would be at infopop tho. A link to the members area is at www.ubbcentral.com too

You won't need the old 5.4.4 files while upgrading. Just grab the new version and follow the upgrade instructions in the manual.

Aye, there are SQL upgrade scripts in there that allow you to upgrade your database structure in a stepped manner.

Now BEFORE you even do that...make sure you back up your database! There have been issues upgrading (once in a blue moon)...better to be safe than sorry.

Medar, Astaran, Allen--

Thanks! I will heed your advice. It is backed up. Not sure I know enough to do the upgrade myself, unless it is a simple install like running an rpm....

You might start here:

http://www.ubbcentral.com/support/docs/ubbthreads/UBBThreads_within_licensed_upgrade.html

Allen--

Thanks! I have looked through this file and it looks understandable.

Their instructions say:

[]3) Use your UBB.threads™ control panel to turn your board off.[/]

Huh? Don't think there is anything like that in the Admin stuff in 5.4.4. So am I stuck? What do they really want done here?

Their instructions also say:

[]If a step returns "FAILED" instead of "OK", please carefully copy down the exact error message provided with the failure, and contact Infopop Support for further assistance.[/]

Just how fast and reliable are they in responding? I can see posting a message there and it never being answered.... On the other hand, I know I can come here and get an answer in hours, if not minutes.

So, are there a lot of difficulties and questions that come up in this process, or is it something a newbie can do, in less than an hour, in your experience? Under an hour and it is worth it to me to understand my board better. Over an hour, and it is worth it for me to hire someone to do it....

Thanks Allen!

In less than an hour unless your site is huge

There's quite a few steps in the database upgrading process that can take a good amount of time if your server isn't very speedy, but it's a matter of clicking on the link to go to the next step for the most part.

They are responding fast if you issue a support ticket.

Before upgrade, take a look at the infopop
http://www.ubbcentral.com/boards/postlist.php/Cat/0/Board/UBB7
for the issues that await you.

Anno and Allen--

Thanks for the useful estimate and the reference to the kinds of problems people are experiencing.

One question--does the upgrad software cover older versions like mine, or just a upgrade from the more recent versions?

Thanks for the very big help you are to me!

Not sure but I think this is explained in the document Allen linked to, as well in the documentation that accompanies the upgrade files.

Anno--

Thanks!

it covers the older versions too