Is there an attack on forum software that I am not aware of???

pmhoran

New member
I belong to another forum ... not web host related ... that got "hacked" so everyone that visited got a trojan/worm on their PC. I didn't get infected ... I use a GOOD (and free) antivirus hahaha.

Anyway ... the owner of the forum sent me an email claiming "TONS" of forums all over the place have fallen prey to this "hack" or "hacker".

Anyone know anything about this???

He uses a years old free Invision Power Board for his forum ... if that makes any difference.

ALSO ....

Does anyone know if the MySQL database might be infected? My limited knowledge makes me think it's not likely. So I figure the best way to fix it is ... delete the software from the site ... reinstall another copy and configure it to recognize the current database and ... badda bing ... it's back up and running.

He's claiming his web host is telling him that it's going to take days in order to fix.

I don't see it. If it was my own board ... I think I would have downloaded a copy of the program files from the site to my computer. Let my antivirus "have at it" and then after deleting the current program files from the site ... upload the "cleaned" files ... and again ... right back online.

Am I being naive in what it might take to fix up this problem????

Thanks for all input
Peter
 
There are tons of exploits and hacks out for all versions of forum software, especially old versions. That is why it is key to update regularly, and if he hadn't done it in years then it was bound to happen.

If the host has daily/weekly backups perhaps they could just go back a couple days (Don't know their retention schedule, they might have to go back a week) for him and then he'd be able to update his forum software to prevent it from happening again.
 
To be honest ... I don't know if his host even does backups. But ... I have been told that singling out just one site to restore from a web server backup is MAJOR work ... and would result in losing any posts made since the backup they are going to restore.

It's a pretty active forum

Since IPB is not supporting (apparently) the free version of their software anymore ... I don't think there have been any security updates for a while. Don't know for sure on that though ... just an impression I got from posts I have read on the web this morning.

I am trying to convince him to move to an Open Source forum software ... but he is more than a little resistant. Even though I mentioned the forum could come under constant attack now that they know it's vulnerable.

Peter
 
You should get him to upgrade to SMF or another secure forum as soon as possible.

Invision is very insecure if you don't have the purchased version.
 
Thanks Blue ....

As you were posting I was reading an email from my friend and he was mentioning moving to SMF too. I have never heard of it .... but I am going to go hunting for it now :)

Psychic??? Or .... great minds think alike???

Peter
 
pmhoran said:
He uses a years old free Invision Power Board for his forum ... if that makes any difference.
Well yeah it does make a difference!! Peter, you almost gave me a heart attack here - I thought you were talking about vB, but no mention of the software until the middle of your post...

One of the forums, as part of my other web site, is powered by XMB.. and man do I have problems with that one. I was hacked a few times already + constant problems with spammers... You don't want to know. It was a poor choice of free platform, but it came with fantastico at the time.

Best,
 
Sorry Art ....

Bet it got your adrenaline going faster than coffee did though ahahahaa :)

The sites I set up and/or maintain that have forums ... the forums are part of the bigger CMS I use for the site. And I have safeguards installed so it's unlikely (touch wood) that someone could hack the sites. At least I have done all I can to secure them. Hopefully it's enough. Has been so far. Have had a few failed hack attempts on one of the sites.

Peter
 
But ... I have been told that singling out just one site to restore from a web server backup is MAJOR work ... and would result in losing any posts made since the backup they are going to restore.

As far as the MAJOR work, this depends on how they do their backups. I use WHM's autobackup feature to dump the backups to a server at home, while also having the datacenter do backups. I'm one of those paranoid guys when it comes to data. ;)

To restore a backup, it's fairly easy via WHM...but then again - I don't know how your friend's host does it.

And yes, posts would be lost, as it would revert back to the backup state - but it might be worth it in the long run. And as Blue mentioned, try and get him to move to a free board that has regular updates. Else this will all just happen again. Perhaps he can put an "archived" feature up that has the old board.
 
Just got an email asking me if my friend gave me his login info ... would I see what I could do with the site to salvage it.

My plan ... try to "rescue & preserve" the IPB forum and then convert the database over to SMF 1.0.6 using their conversion software.

He admitted he was in over his head. I might be in over my head too ... but I am just idiot enough not to realize it :)

Just have to read & follow instructions ... and I do that fairly well :)

At least my friend's site isn't with the same web host I use ... so if I screw up something royally ... at least my own sites are safe hahahaha :)

Wish me luck
Peter
 
G'luck Peter!

On a side note, your avatar looks like a pile of turds...I had to double check to see that it was a bear! :)
 
Peter, the import utility for SMF is very user friendly but you really need to determine where the exploit was.
It could be that a password has been compromised. You should, after you upgrade, create a new Admin account and make sure all other permissions are set to read and post only.
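
Added example (not part of the thread and not written by any poster): one way to see what was changed on the site before swapping in fresh program files is to hash the downloaded copy of the forum and compare it with a pristine copy of the same release. The directory layout and file names below are constructed sample data, not taken from any real forum package.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_trees(clean_root, live_root):
    """Return files that differ between a pristine release and the live copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def build_sample(base):
    """Constructed sample data: a tiny 'clean' tree and a tampered 'live' tree."""
    clean, live = Path(base, "clean"), Path(base, "live")
    for root in (clean, live):
        (root / "sources").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'sources/board.php';\n")
        (root / "sources" / "board.php").write_text("<?php // board code\n")
        (root / "sources" / "install.php").write_text("<?php // installer\n")
    # Simulate what a compromise can leave behind (contents are placeholders).
    (live / "index.php").write_text("<?php require 'sources/board.php'; // altered\n")
    (live / "uploads").mkdir()
    (live / "uploads" / "unknown.php").write_text("<?php // not in the release\n")
    (live / "sources" / "install.php").unlink()
    return clean, live


def demo():
    with tempfile.TemporaryDirectory() as base:
        return compare_trees(*build_sample(base))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Configuration files and user upload or cache directories will legitimately differ from the release, so entries there need a manual look rather than automatic deletion. The comparison covers program files only and says nothing about the contents of the database.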
 
Thanks for the tips Blue ... appreciated. :)

John ... yup it is a bear ... but most days a pile of turds is an accurate description of how I feel ... so I guess both are applicable hahahaha :)
 