Forum Hacker identified
 

@All,

The hacker (or should I say cracker?) was identified.

The attack came from IP address 62.43.75.130, which resolves to:

62-43-75-130.user.ono.com

Attack started at: 28/Mar/2005:02:41:37 -0700
Completed at: 28/Mar/2005:03:14:31 -0700

The service provider of the attacker resolves to a provider in Spain:
Registrant:
Cableuropa SA [NORG-3854901]

C\ Basauri, 7
E-28023 Aravaca. SPAIN

All corresponding logs and actions have been sent to the proper authorities.


Sadly, the attacker screwed up the database BIG TIME, and the latest backup is 12 days old, so the forum was restored to that database set.

If this happens again, I will definitely look into another forum software, which won't be phpBB based.

Thanks,
-kwag

The last message is not 6 days but 12 days old :(

Yes, indeed :(
The backup was done on Mach 16, so we lost 12 days of data :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed: :crashed:

I was away for the weekend and tried to go online to KVCD.net to find that message saying that payment wasn't made for the site.

I thought it was strange and was worried fearing KVCD.net would be gone forever.

Im sorry to hear that some lamer Hacker/Cracker did this to your site Karl it is disgraceful that some people have nothing better to do than mess everything up for everyone else.

Im also sorry that you lost 12 days of data, I can just imaging how much of a pain the a$$ this must be for you.

I hope this is the last time we have to endure this sort of thing.

Came back today from holiday, and wondered: "I'm sure it happened lots of things at KVCD", and decided "to go for a walk" in the forum... first happened as Zyphon said.

And now that I could manage to get in...

I know you already knew, but there's really evil people out there. You said that: a cracker.

I feel sad for what happened. :(

Thanks guys :)
BTW, I just upgraded the forum with all latest patches.
We're now on the latest version of phpBB.

-kwag

Bad day, man...

ok, let's refill that forum :)

FuPP

Tell me about it :roll: Thanks :D

-kwag

Great news Karl, let's hope this is the end of these nasty hackers. :cry:
Agreed on both counts. :)

Anybody noticed the number of "Guest" users on the forum :?:
I wonder if we have a new kind of worm trying to breach phpBB forums again :roll:

-kwag

Crackers, that is :)
I'm a hacker :D
Hackers are good, and crackers are evil :twisted:

-kwag

Hi,

Occured exactly the same...

As Fupp said, let's fill the forum! :-)

Salu2
Fabrice

Sorry Karl I stand corrected you are right of course. :D

Crackers are evil and mess up so many things including Forums and Software. :(

well, I don't know. I thought hackers=to find some flews in website, forums
crackers= to modify a software, usually to be able to use it without paying.
after that, white hat = good/blackhat= evil
:wink:

After a very careful look at the log files on that day, the hack was clearly caused by a Worm :!:
Each transaction was about one second apart, so this was not a manual user. It was a Worm(bot).
So there IS a new worm which can destroy phpBB forums version 2.0.11 (or below).

-kwag