My phpbb3 forum got hacked ..

Please check indiaforums.info/index.php its redirecting to whitehackerz.org

Its not a javascript redirect or something is what I feel.

Anybody have any idea how to restore my site back?

Thanks in advance..

 

O yes, your indiaforums opened up for few seconds but immediately it redirected to the hackers site.

I don't know how to restore it, I would suggest you to contact your hosting provider and ask for help. They must have best answer for that.

Good luck

 

Can anything be added to a phpBB Forum to make them safe from major problems like this ????

 

I don't know but after seeing this forum hacked I am very worried about my own phpbb3 forum

I would go to the phpbb community and see if there is any MOD or anything that can be used to make the forums more secure.

 

There's a meta redirect in the content of all your pages.

 

You should use MyBB - it's like a free vBulletin.

 

If this meta redirect code is found on ALL pages of your site then I guess the hacker has put this code either on "overall_header.html" or "overall_footer.html" file.

Please check these files.

 

Like other people said, check those files. Also check your access logs to see what's been going on.

 

No files were updated ..
The meta refresh was from one of the phpbb tables.. i removed it.. still its present in some other sections too..

 

Did you try asking in phpbb community?

if not, go for it. They can help you better.

 

I posted in PHPBB support forums too.. But the reply is that I should upgrade to latest version..

By the way, as usual I was checking the visitor stats at statcounter, and saw 2 referrals from --http://www.zone-h.org/component/option,com_mirrorwrp/Itemid,160/id,7723443/

Thats how I came to know about the attack..

A lesson learnt..

 

you are more than likely going to have to go through all your phpbb pages that are labeled "index.html" or "index.php" and remove the redirects... they usually hit everywhere.

A nice trick to making sure you got it all off is to use norton and turn the security up to max... it will display an error warning if the spyware is still on your site.

 

What version you were using?

Just for others to know that old versions are no more secure.

 

my PHPBB3 got hacked a week ago and some hacker installed a phishing bank site. hostgator erased it quick after only about 20 hits. told me to increase my password strength. i also went ahead and password protected the admin folder in cpanel. only thing that was relayed to me was the hacker exploited a valid script.

 

Can you change the name from index.php to something else? Can you take away all the links to BB3? i mean the hackers must look for something?

 

Examins the htaccess files, and reinstall the templates too. Becasue they can edit your template and add the html/javascript to redirect your page!

 

right thats a good tip, diffrent template can be open to attacks.

 

Browse this list of known vulnerabilities and see if anything mentioned applies to your site: http://secunia.com/search/?search=phpbb&w=0

You might be able to use .htaccess and php.ini to better protect it, but you have to be careful not to disable anything that phpbb needs to function properly.

If a bad plug-in or module is the problem, the fix would be to remove it, the opposite of adding something.

That was a good reply from them. It's important to have the latest version of all scripts. The latest version might have fixed the exact problem that allowed your site to get hit.

One thing they look for is old versions with known vulnerabilities that they can exploit.

 

SteveWh thanks for suggestions on Security on phpBB.

 

I also have a Phpbb forum related to Indian celebs....
I also experienced a similar problem few months back.. If your site is new one, just remove the software and install it again and put a complex password. and download,install any mods,etc from only phpbb.com . Don't download from other sites.. it will be fine.