Pink Poogle Toy Forum

The official community of Pink Poogle Toy
Main Site
NeoDex
It is currently Wed Nov 27, 2024 6:47 am

All times are UTC




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Help determining IP address?
PostPosted: Fri Dec 31, 2004 2:20 am 
Way Beyond Godly
Way Beyond Godly
User avatar

Posts: 6587
Joined: Mon May 31, 2004 4:21 am
Gender: Female
Right... this is kind of an odd situation, so bear with me :P

I host a forum for another member here (some of you will know which one I'm talking about). Today, myself, her, and the other administrator all found that we were unable to log in - we had been 'banned'. I was able to create a test account and change the settings via the database to admin myself, and unban us. However, there was also another user on the ban list - 'lock'. The profile ID number was 99999, and the join date was Jan 01, 1970.

Some of the boards were also deleted - from my point of view, they were general ones (announcements, site discussion), as well as the private admin board.

Problem being.. we have no idea who this person is - let alone how they managed to gain access to the admin panel. We'd like to find out who it was though, or at least their IP address. Sadly, my technical knowledge is somewhat limited, and I'm not sure how to find that out, since they didn't post at all.

If anyone could help, it'd be very much appreciated. I'm going away for a few days this afternoon, but I'm leaving the information with the other admins, so access to the database/anything is still available.


Gone, forever.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 2:24 am 
PPT Toddler
PPT Toddler

Posts: 170
Joined: Thu Jun 03, 2004 8:45 pm
Location: Somewhere around here and there
what software is your board running on?


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 2:24 am 
Way Beyond Godly
Way Beyond Godly
User avatar

Posts: 6587
Joined: Mon May 31, 2004 4:21 am
Gender: Female
phpBB 2.0.9 - I think that's what you mean o.o


Gone, forever.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 2:31 am 
Honorary Member
Honorary Member
User avatar

Posts: 7445
Joined: Mon May 31, 2004 9:10 am
Location: Frankfort, NY USA (set by Nikita)
Gender: Female
Also, they changed the word "Neopets" in the word filter to some vulgar words. >.<

It's just horrible because I had worked so hard on those boards that were deleted. I have no idea why someone would do something like this. :( It is a writing forum, too, so some of those posts/works are lost and probably can't be recreated.


Image Image
<3 Divas rock! Click to join. <3


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 2:41 am 
PPT God
PPT God
User avatar

Posts: 1851
Joined: Tue Sep 21, 2004 5:58 pm
Location: In Ohio. Catch me if you can :P
I'm working right now to see if there's any way you can track ips of people who never posted.

It's odd that they would do this. Seriously.


Image

<STOWA|Sleep> my sister questioned the title. "Half Blooded Prince? Does that mean he's a Moogle"


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 2:43 am 
Way Beyond Godly
Way Beyond Godly
User avatar

Posts: 6587
Joined: Mon May 31, 2004 4:21 am
Gender: Female
Thanks, meowth - that, and any other help, is greatly appreciated.


Gone, forever.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 3:17 am 
Beyond Godly
Beyond Godly
User avatar

Posts: 3041
Joined: Thu Jun 03, 2004 5:27 am
Location: at the late night science fiction picture show
I'm wondering if this has anything to do with that worm or virus - whatever it was - that hit some other forums. I'm no techie, it's just a thought. That someone found a vulnerability on your forum and decided to "play", as awful as that is.

As to IP addresses, I spent some time talking to the owner of a forum I moderate on - the forum had been hit with a really bad ddos attack. He did go through and gather IP addresses (no, I don't know how to do it). But he said the problem was that all the IP addresses appeared to have somehow been "spoofed" - with a program of some sort - so there was never a way to track down and deal with the actual perpetrators.

I do hope that your forum gets straightened out, that whoever did this is caught and dealt with, and I am sorry that so much work was destroyed :(


Image Image


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 3:23 am 
Way Beyond Godly
Way Beyond Godly
User avatar

Posts: 6587
Joined: Mon May 31, 2004 4:21 am
Gender: Female
(I love your set, everconfused!)

We did consider that the worm was a possibility, but there are none of the symptoms shown =\


Gone, forever.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 4:38 am 
PPT Warrior
PPT Warrior
User avatar

Posts: 911
Joined: Sat Jun 19, 2004 5:00 pm
Location: California
Gender: Male
Alex wrote:
phpBB 2.0.9 - I think that's what you mean o.o


First of all, when access is regained to the forum, it should be immediately updated to the latest version of phpBB. If there are MODs installed, I recommend that [Tool] phpBB 2.0.10 to 2.0.11 Changes be used. Otherwise, the regular update script available from phpbb.com should do just fine.

To get your admin account back, the person with phpMyadmin access should apply the below to their database.

Code:
# Reset everyone to member
UPDATE phpbb_users SET user_level = '0' WHERE user_level <> '0';

# Reset main admin to admin
UPDATE phpbb_users SET user_level = '1' WHERE user_id = '2';


Finally, I have some tools to recommend. The first is the phpBB Security MOD, which can be found here (Note: you'll have to register to download it. As a matter of fact, when you register it, you'll come across one of the features of phpBB Security). The second is Advanced IP Tools Pack (Read the description. Very good MOD. It has that function you desire: recording the IP before a user even posts, and much more!). Oh -- and another nifty tool to combat that worm that everyone's talking about is [RC] Anti-Net-Worm.Perl.Santy (very simple to install too, though in development. Still of use if you're using the latest version of phpBB).

EDIT -- A good place to go for some personalized help is phpBB ER.

And here's some information on that worm:

Quote:
Copied from pcworld.com

Web search engine company Google is blocking efforts by a new Internet worm to use its search engine to find vulnerable computers on the Internet, the company announced this week.

Google is blocking searches launched by Santy.A, a new Internet worm that targets servers running phpBB, a popular electronic bulletin board software package, according to a statement from the company. Without any native ability to scan for vulnerable computers, Google's action halted Santy.A's spread, according to antivirus companies.

Santy.A targets servers running phpBB. Antivirus companies first detected the worm Tuesday, though it may have been spreading silently well before that, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.

The worm used a vulnerability in phpBB, an open source software product that is managed by the phpBB Group, to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."

A phpBB component called viewtopic.php allows malicious commands to be passed to and executed on servers that run a vulnerable version of the phpBB software. Secunia, a Copenhagen-based security company, first reported the vulnerability on November 19. An updated version of phpBB software that fixes the flaw was released on November 18.


Impact Uncertain

Estimates of the impact of the Santy worm vary widely. Searches on a beta version of Microsoft's MSN Search feature for the text used to deface sites returned over 30,000 hits. However, identical searches on other engines, including the official MSN Search engine, Yahoo, and Google search engines returned far fewer hits, ranging from 785 (MSN) to 2030 (Yahoo).

However, using searches for telltale signs of infection, such as defacement text, is an inexact way to determine the actual number of Santy infections, says Ullrich.

"Santy will only deface sites if it can overwrite files, and it may not always be able to do that based on the configuration of the Web server [running phpBB]," he says.

Also, an analysis of the Santy code revealed that the worm spread quietly for a while, infecting phpBB servers but not overwriting files and defacing the bulletin boards, Ullrich says.

The Santy worm marked some firsts, including the use of a popular search engine as part of a worm's spreading mechanism. However, the lessons to be learned from Santy's spread are already well established: keep on top of software patches and "harden" the configuration of public-facing servers by preventing users from being able to take unnecessary actions, such as overwriting files, he says.


Hope this helps. :)


I run The Infinity Program, a den of villains and swashbucklers.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 5:23 am 
PPT Toddler
PPT Toddler
User avatar

Posts: 155
Joined: Fri Jun 18, 2004 2:07 am
Location: The place where penguins rule the earth!
Ah yes. There are a few PhpBB exploits out that let people log in as other people via the search bar. Thats all I know about the exploit but I think you should report this to someone. They obviously hate Neopets or they just want to make some people angry.

I assume these are the Frozen Midnight Forums? Please PM me and I might be able to help.


Image
Set by Me.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 5:55 am 
Way Beyond Godly
Way Beyond Godly
User avatar

Posts: 6587
Joined: Mon May 31, 2004 4:21 am
Gender: Female
Because I'm in the most insane rush here (literally about to race out the door), this is going to be short and sweet.

- Yes, we're planning to upgrade ASAP.
- Admin account's already back, I created a test account and modified that via the database.
- Thanks for the mods - they're very useful, and I'll probably install them all. Does the IP one enable you to see IPs from before you installed the MOD?

They're the Fantasybits writing forums, linked in Jasujo's signature.


Gone, forever.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 6:29 am 
PPT Warrior
PPT Warrior
User avatar

Posts: 911
Joined: Sat Jun 19, 2004 5:00 pm
Location: California
Gender: Male
Alex wrote:
Does the IP one enable you to see IPs from before you installed the MOD?


I believe that all registered users' information, including those prior to install, will be seen via user's profile.


I run The Infinity Program, a den of villains and swashbucklers.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 8:19 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Wed Nov 17, 2004 8:33 pm
Location: T.O.
does anyone else have admin access? maybe a staff member got upset and messed up the forum? *shrugs*


PPT's Live Chat - http://pinkpt.com/index.php?page=chat


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 10:55 pm 
Honorary Member
Honorary Member
User avatar

Posts: 7445
Joined: Mon May 31, 2004 9:10 am
Location: Frankfort, NY USA (set by Nikita)
Gender: Female
SyNiX wrote:
does anyone else have admin access? maybe a staff member got upset and messed up the forum? *shrugs*


Nope, the only people who had admin access are Alex, myself, and my husband timkhj (nick here and there).


Image Image
<3 Divas rock! Click to join. <3


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 11:34 pm 
PPT Toddler
PPT Toddler
User avatar

Posts: 155
Joined: Fri Jun 18, 2004 2:07 am
Location: The place where penguins rule the earth!
You could now find out what that persons IP address was by looking in the Admin logs....I think.


Image
Set by Me.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ]  Go to page 1, 2  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group