 | Forum Hacked? |  |
 Posted: 05/07/2007 3:27 PM |
 |
|
|
|
|
| Caravan |
| Posts |
282 |
| Word Cnt. |
31,380 |
| BDay |
Apr 14 |
| Sign |
Aries |
| Sex |
 |
|
|
|
Joined: Nov 01, 2006
Local time: 6:36 PM
Location: Denver, PA
|
|
|
|
|
 |
Hi Nightrider, a friend of mine got an email a couple days ago from her server company. Here is a little piece of it.
| Quote:
|
The spam complaints have come directly to us from a major email service
provider. They do not name you as the spammer. Our internal investigation
has traced the source back to the directory where your forum is installed.
There have been more than 1500 emails sent from that location in less than a
week.
|
Can you tell me where to look in phpmyadmin for any administrators that shouldn't be on the board? Or where I would look for any suspicious activity or code.
She is not sure she has been hacked, and I am not up to speed on this stuff yet. She is complaining of a few other weird things that started happening all around the same time as getting this email.
She is running .21 so it's not like she is all that out of date, even though the server company made it seem like she was, lol.
I am planning on doing her forum upgrade for her and her host asked, but is there anywhere else I should be looking for suspicious activity? |
|
|
|
|
| Back to Top |
|
|
| Re: Forum Hacked? | |
| Posted: 05/07/2007 3:59 PM |
|
|
|
|
|
| Site Admin |
| Posts |
30757 |
| Word Cnt. |
2,628,690 |
| BDay |
Jul 28 |
| Sign |
Leo |
| Sex |
 |
|
|
|
Joined: Sep 25, 2004
Local time: 6:36 PM
Location: St Pete, FL
|
|
|
|
|
|
First, you need to know the email addresss being used to send the suspicious email. If they are using a name, then anyone can send email using an address like that. There really isn't a log of all outgoing email from your server unless your host maintains that information. Without knowing the email address attached to these questionable email messages, it would be difficult to take action to prevent it...
You could try changing the password to all domain email accounts that you have. I doubt that would change anything though...
And if your friend is running on phpBB 2.0.21, she is not far behind at all, regardless of what your host claims. The 2.0.22 Update only modified small portions of 15 files and it is possible that your friend's members might encounter session errors after it has been applied. That was a fairly common complaint after the phpBB 2.0.22 update was released. Besides, the phpBB version has nothing to do with whether someone is misusing the email system. The phpBB 2.0.22 update will not correct that problem...
 |
|
|
|
|
| Back to Top |
|
|
| Re: Forum Hacked? | |
| Posted: 05/07/2007 4:30 PM |
|
|
|
|
|
| Caravan |
| Posts |
282 |
| Word Cnt. |
31,380 |
| BDay |
Apr 14 |
| Sign |
Aries |
| Sex |
|
|
|
|
Joined: Nov 01, 2006
Local time: 6:36 PM
Location: Denver, PA
|
|
|
|
|
|
| That is what I was trying to tell her, that updating the forum is not going to help the problem she is having. She only wanted that done because the host told her to do it to help with this problem, I don't think she really understands what happened. She thinks someone signed up to her forum, and then sent out spam emails. I am thinking it has nothing to do with anyone that signed up on her forum, it's simply a hacker using her account to send spam email. Like I said, she doesn't understand. I will have her contact her host and ask which email address was being used, and will also have her change all her passwords to all email accounts. If the address is her webmaster address, can that be changed and not used? Or is that the default email that has to be there for phpbb to work? |
|
|
|
|
| Back to Top |
|
|
| Re: Forum Hacked? | |
| Posted: 05/07/2007 4:39 PM |
|
|
|
|
|
| Site Admin |
| Posts |
30757 |
| Word Cnt. |
2,628,690 |
| BDay |
Jul 28 |
| Sign |
Leo |
| Sex |
|
|
|
|
Joined: Sep 25, 2004
Local time: 6:36 PM
Location: St Pete, FL
|
|
|
|
|
|
I think you can change the passwords for all of your default domain email accounts. I don't think you can delete the email account, but you should be able to delete the account if you have no plans to use it...
If her members are sending spam email using her forum software, then their email addies will be attached to the outgoing email, not the addy to your forum. So once you have the email addy responsible for this, it should give you a good idea of where to look for the perpetrator, if it actually did originate from the community...
|
|
|
|
|
| Back to Top |
|
|
| Re: Forum Hacked? | |
| Posted: 05/07/2007 5:16 PM |
|
|
|
|
|
| Caravan |
| Posts |
282 |
| Word Cnt. |
31,380 |
| BDay |
Apr 14 |
| Sign |
Aries |
| Sex |
|
|
|
|
Joined: Nov 01, 2006
Local time: 6:36 PM
Location: Denver, PA
|
|
|
|
|
|
| Ok, thanks Nightrider. I just talked to her, and she agreed the forum update won't help. So she has emailed her host and asked for the email address the spam was being sent from, and we will see what he says. |
|
|
|
|
| Back to Top |
|
|
| Re: Forum Hacked? | |
| Posted: 05/07/2007 8:25 PM |
|
|
|
|
|
| Site Admin |
| Posts |
30757 |
| Word Cnt. |
2,628,690 |
| BDay |
Jul 28 |
| Sign |
Leo |
| Sex |
|
|
|
|
Joined: Sep 25, 2004
Local time: 6:36 PM
Location: St Pete, FL
|
|
|
|
|
|
I bet once all is said and done, the email address won't have anything to do with your friend's community...
|
|
|
|
|
| Back to Top |
|
|
| Information | |
|
Calendar
