Posted on: 05/02/07 02:54am
By: uKrease
Greetings all,
Yesterday I found that when I try to access my Geeklog phpBB section of the site, I get the following error :
Text Formatted Code
An error has occurred:
2 - Illegal string offset: -12 @ /var/www/web23/web/phpBB2/language/lang_english/lang_main.php line 899
And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root'"
I looked around initially to try to find the problem, line 899 of the above file lists the time zones only and nothing suspicious was found there, so I deleted the entire phpBB dir and reinstalled the plugin, problem still there...
My Geeklog logfile lists the following entry :
Text Formatted Code
[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
whenever I try to access the plugins page, line 133 doesn't help me much and looks fine ?
I disabled the plugin for now and changed all passwords etc etc...any idea where to start fixing this up...
Do I report this on the phpBB website as well ?
Re: phpbbbridge Hacked ?
Posted on: 05/02/07 03:28am
By: Dirk
Can't comment on the status of phpBBBridge (does it contain the current version of phpBB?). However, this:
Quote by: uKrease
And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root'"
... means that you should set
Text Formatted Code
// When set to true, this will display /detailed/ debug information in the event
// of a PHP error. ONLY set this to true with your non-production development
// environments!
$_CONF['rootdebug'] = false;
in your config.php ASAP. It's actually "false" by default, so you must have changed that at one point and forgotten to change it back.
bye, Dirk
Re: phpbbbridge Hacked ?
Posted on: 05/02/07 04:39am
By: uKrease
Hi Dirk,
$_CONF['rootdebug'] was set to false, and I'm running the latest version of phpbbbridge which is 111 as per the plugins page and the latest Geeklog...
Some other info about the problem :
This was found in the log files as well :
Text Formatted Code
Sat 28 Apr 2007 17:35:06 SAST - Error, invalid username: 'Gambrinus'
Sat 28 Apr 2007 18:54:29 SAST - Error, invalid username: 'Megabban'
Sat 28 Apr 2007 20:23:54 SAST - Error, invalid username: 'shroom'
Sun 29 Apr 2007 02:38:28 SAST - Error, invalid username: 'Tarasolas'
Sun 29 Apr 2007 10:14:01 SAST - Error, invalid username: 'Geoptruoi'
Sun 29 Apr 2007 10:21:22 SAST - Error, invalid username: 'Fapolasis'
Sun 29 Apr 2007 10:58:18 SAST - Error, invalid username: 'Mussolina'
Sun 29 Apr 2007 12:32:11 SAST - Error, invalid username: 'jimboboju'
Sun 29 Apr 2007 20:37:56 SAST - Error, invalid username: 'Bandarelad'
Sun 29 Apr 2007 20:48:02 SAST - Error, invalid username: 'Muronnist'
Mon 30 Apr 2007 02:08:11 SAST - Error, invalid username: 'their3114@ukrease.co.za'
Mon 30 Apr 2007 05:40:16 SAST - Error, invalid username: 'Hellsivin'
Mon 30 Apr 2007 06:11:25 SAST - Error, invalid username: 'dddddddab'
Mon 30 Apr 2007 10:01:41 SAST - Error, invalid username: 'Olikulirt'
Mon 30 Apr 2007 10:02:38 SAST - Error, invalid username: 'Kresturis'
Mon 30 Apr 2007 10:29:53 SAST - Error, invalid username: 'nubtestloa'
Mon 30 Apr 2007 12:21:05 SAST - Error, invalid username: 'gggggab'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'sea8078@ukrease.co.za
Content-Transfer-Encoding: 7bit
Content-Type: text/html
Subject: been called much you know at that
bcc: larry@tellingwellsoe.com
lab coats the of distances he grimly'
If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :
Text Formatted Code
Unfortunately, an error has occurred rendering this page. Please try again later.
This is however being shown due to me changing the db password, as it may have been exposed to unknown people (I'm slightly paranoid)
If I set the passwords correctly I get the same message.
Any suggestions would be great as I have no idea where else to look?
Re: phpbbbridge Hacked ?
Posted on: 05/02/07 05:13am
By: Dirk
Quote by: uKrease
If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :
Text Formatted Code
Unfortunately, an error has occurred rendering this page. Please try again later.
Ah, okay. So that seems to work as expected, i.e. only Root users are shown all the details and normal visitors just get the non-informative message. So you should be fine there.
The "invalid username" messages in error.log are also "normal" - dictionary attacks and spambots that try to post to everything that looks like a web form.
The actual error (as quoted in your first post) seems to come from phpBB or the bridge, with which I'm not familiar, so I can't help you there, I'm afraid. It may be just some harmless error in phpBB or it's possible that someone hacked the phpBB portion of your site. But, as I said, I'm not in a position to make any judgements about that. All I can say is that it doesn't look like a problem on Geeklog's side.
bye, Dirk
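The 01 May entry in the error.log excerpt differs from the other "invalid username" lines: the submitted username carries line breaks followed by mail header names (Content-Type, Subject, bcc). The following is an added example, not part of the original posts and not Geeklog code, that splits a log in that format into records and flags usernames of that shape; the sample log and all function names are constructed for illustration.

```python
import re

# Constructed sample in the error.log format quoted in the thread.
SAMPLE_LOG = """\
Mon 30 Apr 2007 12:21:05 SAST - Error, invalid username: 'gggggab'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'user@example.org
Content-Transfer-Encoding: 7bit
Content-Type: text/html
Subject: constructed sample
bcc: someone@example.net
body text'
Tue 01 May 2007 11:00:00 SAST - Error, invalid username: 'alice'
"""

# A record starts with "Day DD Mon YYYY HH:MM:SS TZ - "; other lines continue it.
RECORD_START = re.compile(
    r"^[A-Z][a-z]{2} \d{2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} \S+ - ")
USERNAME = re.compile(r"invalid username: '(.*)'\s*\Z", re.S)
MAIL_HEADER = re.compile(
    r"^(bcc|cc|to|from|subject|content-type|content-transfer-encoding)\s*:",
    re.I | re.M)

def split_records(text):
    """Group physical lines into logical records (usernames may span lines)."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += "\n" + line
    return records

def classify(record):
    """Return timestamp, first username line and reasons it looks like header injection."""
    m = USERNAME.search(record)
    if not m:
        return None
    name = m.group(1)
    reasons = []
    if "\n" in name or "\r" in name:
        reasons.append("embedded line break")
    headers = sorted({h.lower() for h in MAIL_HEADER.findall(name)})
    if headers:
        reasons.append("mail headers: " + ", ".join(headers))
    return {"timestamp": record.split(" - ", 1)[0],
            "first_line": name.splitlines()[0] if name else "",
            "reasons": reasons}

def suspicious(text):
    return [r for r in map(classify, split_records(text)) if r and r["reasons"]]
```

Because the log stores the username unescaped, a submitted value that imitates a timestamp prefix would be split into a separate record; escaping CR and LF before writing the log entry removes that ambiguity.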
Re: phpbbbridge Hacked ?
Posted on: 05/02/07 05:16am
By: uKrease
Thanks Dirk ,
I'll post to the phpBB forums and see if anything comes out of that...
:pray:
Re: phpbbbridge Hacked ?
Posted on: 05/02/07 07:05am
By: uKrease
Hi again,
When I try to re-enable the phpbbbridge plugin I still get this error :
Text Formatted Code
[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
Can anyone provide assistance with this one ?
Line 133 starts with
Text Formatted Code
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 02:05am
By: garfy
I have the same problem, did you figure it out??
My site was hacked also in the past
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 02:21am
By: Anonymous (uKrease)
Hi there,
I tracked it down to the recent installation of the Docuwiki plugin....I initially installed it and it worked OK, then two days later is when I started getting the error messages I reported.
Eventually I disabled the Docuwiki plugin and everything worked fine, has been doing since.
The Docuwiki plugin still remains disabled though...I haven't bothered to reactivate it and track down what causes it to crash the forum like that...
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 02:38am
By: garfy
I don't have any docuwiki under plugins
I only have captcha, spamx, polls, static pages, bridge
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 02:42am
By: garfy
I don't have any docuwiki under plugins
I only have captcha, spamx, polls, static pages, bridge
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 02:48am
By: Anonymous (uKrease)
If you are getting the same error I got initially, disable the plugins one by one and see if that helps any....
Does your Geeklog log file also have this message reported when it crashes :
"[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in <path to webroot>/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php"
When I saw that I started disabling the plugins...
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 03:21am
By: garfy
No, I could not find anything in the error file
I only use default plugins that come with geeklog
only captcha is an addon
I wonder why this guy that is taking care of phpbridge is not answering at all
at least he could say I don't know or something
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 04:03am
By: jmucchiello
Quote by: garfy
I wonder why this guy that is taking care of phpbridge is not answering at all
It's only been 2 hours since you posted your problem. How often is he supposed to check the forums?
Re: phpbbbridge Hacked ?
Posted on: 12/14/07 04:26am
By: garfy
I am talking about turias, I saw similar posts on his forum unanswered