Geeklog Forums

phpbbbridge Hacked ?


Status: offline

uKrease

Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Greetings all,

Yesterday I found that when I try to access my Geeklog phpBB section of the site, I get the following error :
Text Formatted Code

An error has occurred:
2 - Illegal string offset: -12 @ /var/www/web23/web/phpBB2/language/lang_english/lang_main.php line 899
 


And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root')"

I looked around initially to try to find the problem; line 899 of the above file lists the time zones only and nothing suspicious was found there, so I deleted the entire phpBB dir and reinstalled the plugin, problem still there...

My Geeklog logfile lists the following entry :
Text Formatted Code

[client 196.2.124.251] PHP Fatal error:  Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
 


whenever I try to access the plugins page. Line 133 doesn't help me much and looks fine?

I disabled the plugin for now and changed all passwords etc etc...any idea where to start fixing this up...

Do I report this on the phpBB website as well ?


 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Can't comment on the status of phpBBBridge (does it contain the current version of phpBB?). However, this:
Quote by: uKrease

And below that is the entire session data listing usernames, database password and tons of other info, ending with the text "(This text is only displayed to users in the group 'Root')"


... means that you should set
Text Formatted Code
// When set to true, this will display /detailed/ debug information in the event
// of a PHP error. ONLY set this to true with your non-production development
// environments!
$_CONF['rootdebug'] = false;

in your config.php ASAP. It's actually "false" by default, so you must have changed that at one point and forgotten to change it back.

bye, Dirk
 Quote

Status: offline

uKrease

Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Hi Dirk,

$_CONF['rootdebug'] was set to false, and I'm running the latest version of phpbbbridge which is 111 as per the plugins page and the latest Geeklog...

Some other info about the problem :

This was found in the log files as well :

Text Formatted Code

Sat 28 Apr 2007 17:35:06 SAST - Error, invalid username: 'Gambrinus'
Sat 28 Apr 2007 18:54:29 SAST - Error, invalid username: 'Megabban'
Sat 28 Apr 2007 20:23:54 SAST - Error, invalid username: 'shroom'
Sun 29 Apr 2007 02:38:28 SAST - Error, invalid username: 'Tarasolas'
Sun 29 Apr 2007 10:14:01 SAST - Error, invalid username: 'Geoptruoi'
Sun 29 Apr 2007 10:21:22 SAST - Error, invalid username: 'Fapolasis'
Sun 29 Apr 2007 10:58:18 SAST - Error, invalid username: 'Mussolina'
Sun 29 Apr 2007 12:32:11 SAST - Error, invalid username: 'jimboboju'
Sun 29 Apr 2007 20:37:56 SAST - Error, invalid username: 'Bandarelad'
Sun 29 Apr 2007 20:48:02 SAST - Error, invalid username: 'Muronnist'
Mon 30 Apr 2007 02:08:11 SAST - Error, invalid username: 'their3114@ukrease.co.za'
Mon 30 Apr 2007 05:40:16 SAST - Error, invalid username: 'Hellsivin'
Mon 30 Apr 2007 06:11:25 SAST - Error, invalid username: 'dddddddab'
Mon 30 Apr 2007 10:01:41 SAST - Error, invalid username: 'Olikulirt'
Mon 30 Apr 2007 10:02:38 SAST - Error, invalid username: 'Kresturis'
Mon 30 Apr 2007 10:29:53 SAST - Error, invalid username: 'nubtestloa'
Mon 30 Apr 2007 12:21:05 SAST - Error, invalid username: 'gggggab'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'sea8078@ukrease.co.za
Content-Transfer-Encoding: 7bit
Content-Type: text/html
Subject: been called much you know at that
bcc: larry@tellingwellsoe.com

lab coats the of distances he grimly'


If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :

Text Formatted Code

Unfortunately, an error has occurred rendering this page. Please try again later.


This is however being shown due to me changing the db password, as it may have been exposed to unknown people (I'm slightly paranoid)

If I set the passwords correctly I get the same message.

Any suggestions would be great as I have no idea where else to look?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: uKrease

If that section is only shown to Root, then I guess without root perms no one gets to see the output I do, so I logged in with normal user rights and got an error :

Text Formatted Code

Unfortunately, an error has occurred rendering this page. Please try again later.


Ah, okay. So that seems to work as expected, i.e. only Root users are shown all the details and normal visitors just get the non-informative message. So you should be fine there.

The "invalid username" messages in error.log are also "normal" - dictionary attacks and spambots that try to post to everything that looks like a web form.

The actual error (as quoted in your first post) seems to come from phpBB or the bridge, with which I'm not familiar, so I can't help you there, I'm afraid. It may be just some harmless error in phpBB or it's possible that someone hacked the phpBB portion of your site. But, as I said, I'm not in a position to make any judgements about that. All I can say is that it doesn't look like a problem on Geeklog's side.

bye, Dirk
 Quote
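Added example (not part of the thread and not Geeklog code): the last entry in the log excerpt above carries line breaks and mail headers (`Subject:`, `bcc:`) inside the username field, which is the signature of a spambot probing a form for e-mail header injection rather than a plain dictionary guess. The sketch below groups such multi-line entries and labels them; the sample log is constructed in the same format, and the function names and labels are assumptions of this example.

```python
import re

# Constructed sample in the format of the log excerpt quoted in the thread.
SAMPLE_LOG = """\
Sun 29 Apr 2007 10:14:01 SAST - Error, invalid username: 'Geoptruoi'
Mon 30 Apr 2007 02:08:11 SAST - Error, invalid username: 'user1234@example.org'
Tue 01 May 2007 10:02:18 SAST - Error, invalid username: 'user5678@example.org
Content-Transfer-Encoding: 7bit
Subject: constructed subject line
bcc: someone@example.net

constructed body text'
"""

ENTRY_START = re.compile(
    r"^(?P<ts>\w{3} \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \w+) - "
    r"Error, invalid username: '(?P<rest>.*)$"
)
MAIL_HEADER = re.compile(
    r"^(bcc|cc|to|from|subject|mime-version|content-type|"
    r"content-transfer-encoding)\s*:", re.IGNORECASE | re.MULTILINE
)

def parse_entries(text):
    """Group physical lines into logical entries: a username containing
    newlines spills over several lines until the next timestamped line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"ts": m.group("ts"), "username": m.group("rest")})
        elif entries:
            entries[-1]["username"] += "\n" + line
    for e in entries:
        e["username"] = re.sub(r"'\Z", "", e["username"])  # drop closing quote
    return entries

def classify(username):
    if "\n" in username or "\r" in username:
        # Line breaks in a single-line form field: check for smuggled headers.
        return "mail-header-injection" if MAIL_HEADER.search(username) else "multiline"
    return "email-like" if "@" in username else "plain"

def triage(text):
    return [(e["ts"], classify(e["username"])) for e in parse_entries(text)]

if __name__ == "__main__":
    for ts, label in triage(SAMPLE_LOG):
        print(ts, label)
```
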

Status: offline

uKrease

Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Thanks Dirk ,

I'll post to the phpBB forums and see if anything comes out of that...

:pray:
 Quote

Status: offline

uKrease

Forum User
Junior
Registered: 01/30/06
Posts: 24
Location:JHB ZA
Hi again,

When I try to re-enable the phpbbbridge plugin I still get this error :
Text Formatted Code
[client 196.2.124.251] PHP Fatal error:  Call to a member function on a non-object in /var/www/web23/web/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php
 


Can anyone provide assistance with this one ?

Line 133 starts with
Text Formatted Code
if (!($result = $db->sql_query($sql)))
{
        message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

 


 Quote

Status: offline

garfy

Forum User
Full Member
Registered: 01/02/05
Posts: 437
Location:EU
I have the same problem, did you figure it out??

My site was hacked also in the past
 Quote

uKrease

Anonymous
working
Hi there,

I tracked it down to the recent installation of the Docuwiki plugin....I initially installed it and it worked OK, then two days later is when I started getting the error messages I reported.

Eventually I disabled the Docuwiki plugin and everything worked fine, has been doing since.

The Docuwiki plugin still remains disabled though...I haven't bothered to reactivate it and track down what causes it to crash the forum like that...
 Quote

Status: offline

garfy

Forum User
Full Member
Registered: 01/02/05
Posts: 437
Location:EU
I don't have any docuwiki under plugins

I only have captcha, spamx, polls, static pages, bridge
 Quote

uKrease

Anonymous
If you are getting the same error I got initially, disable the plugins one by one and see if that helps any....

Does your Geeklog log file also have this message reported when it crashes :

"[client 196.2.124.251] PHP Fatal error: Call to a member function on a non-object in <path to webroot>/phpBB2/includes/sessions.php on line 133, referer: http://www.ukrease.co.za/admin/plugins.php"

When I saw that I started disabling the plugins...
 Quote

Status: offline

garfy

Forum User
Full Member
Registered: 01/02/05
Posts: 437
Location:EU
No, I could not find anything in the error file

I only use default plugins that come with geeklog

only captcha is an addon

I wonder why this guy that is taking care of phpbridge is not answering at all

at least he could say I don't know or something
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Quote by: garfy

I wonder why this guy that is taking care of phpbridge is not answering at all

It's only been 2 hours since you posted your problem. How often is he supposed to check the forums?
 Quote

Status: offline

garfy

Forum User
Full Member
Registered: 01/02/05
Posts: 437
Location:EU
I am talking about turias, I saw similar posts on his forum unanswered

 Quote
