Is ipboard safe from hackers?


16 replies to this topic

#1 .Ian

.Ian

    Needs Life

  • +Clients
  • 6,975 posts

Posted 06 October 2009 - 07:31 AM

Hi,

I see that http://www.ibskin.com/forums have now apparently been hacked.

This follows another third party site for IPB which was hacked about 3 weeks ago.

Is IP.Board safe if these sites are being hacked?

< I will ask my other question via a ticket, just in case it is a backdoor >

Thanks.

Add Comet Chat to your community :smile:  

Non League UK

Play safe and purchase IP.Board from IPS! - click here to buy

Converting from Vbulletin, phpBB or another forum to IPB? Click here for the conversion service - it might be free!

IPS Hosting - click here for the prices & specifications. Some packages include a free version of IP.Board!


#2 Russell.

Russell.

    IPB Full Member

  • Members
  • 122 posts

Posted 06 October 2009 - 07:52 AM

Hi,

I see that http://www.ibskin.com/forums have now apparently been hacked.

This follows another third party site for IPB which was hacked about 3 weeks ago.

Is IP.Board safe if these sites are being hacked?

< I will ask my other question via a ticket, just in case it is a backdoor >

Thanks.

Personally I think IP.Board is one of the most secure forum software out there and you should always keep your board up to date.

This also highlights the importance of keeping regular backups.

As for ibskin.com:

Evanescense - Working as fast as we can to get IBSkin restored without loss of content. We were hacked pretty bad. We think it was an ex-employee, not an actual hack.



#3 Energizer

Energizer

    Advanced Member

  • +Clients
  • 245 posts

Posted 06 October 2009 - 08:01 AM

There is no safe forum!
Each forum is only safe until someone proves the contrary.
Many people make no effort to find ways to hack in.
Therefore so many people think a forum is safe.
A forum is certainly = the earth is a Disc!



#4 Enkidu

Enkidu

    IP.Badass

  • Members
  • 2,243 posts

Posted 06 October 2009 - 08:02 AM

IBSkin hacked? :o who? why? when? how?

See my other mods here

Latest: Adf.ly integration


#5 joncanning87@gmail.com

joncanning87@gmail.com

    I Like To Help :)

  • Members
  • 644 posts

Posted 06 October 2009 - 08:21 AM

Simple precautions can be taken:

Make sure conf_global.php has only 444 permissions, and that everything else has 755 permissions. The only folders (recursively) that should be set to 777 are downloads, public, cache, and uploads. (Credit to IPS for that tidbit)

As well, any passwords used to access something that controls your forum (SSH, FTP, and/or Control Panel), make sure they are all different. This way if someone gets your forum password, it's not the end of the world. Another good thing is to change the admin directory, and put a password on it. This way if they find your hidden directory, they still need ANOTHER login to even access your ACP. :)

If you use cPanel, Kloxo or something similar, you should create a client/reseller account that does not have the privileges to delete MySQL databases/rows. This way, you can randomly generate a massive password for the main account, and write it down (so it can't be electronically hacked), and if the account you created gets hacked, your databases won't be compromised.

I've done all of that, it works very well. But you can only protect yourself so far. Good luck!
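
Added example (not part of the post above, and not IPS code): a read-only Python audit of the permission scheme that post describes. It reports any path whose mode grants more than the scheme allows; it assumes the four writable folders sit at the top level of the board root, and the function names are hypothetical.

```python
import os
import stat

# Scheme from the post: conf_global.php 444, the four listed folders
# (recursively) 777, everything else 755.
CONFIG_FILE = "conf_global.php"
WRITABLE_DIRS = {"downloads", "public", "cache", "uploads"}  # assumed top-level


def allowed_mode(rel_path):
    """Most permissive mode the scheme allows for a path relative to the board root."""
    if rel_path == CONFIG_FILE:
        return 0o444
    top_level = rel_path.split(os.sep, 1)[0]
    return 0o777 if top_level in WRITABLE_DIRS else 0o755


def audit(board_root):
    """Return sorted (path, actual_mode, extra_bits) for every path that grants
    permission bits beyond what the scheme allows. Nothing is modified."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(board_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode is not meaningful; do not follow it
            rel = os.path.relpath(full, board_root)
            actual = stat.S_IMODE(os.lstat(full).st_mode) & 0o777
            extra = actual & ~allowed_mode(rel)
            if extra:
                findings.append((rel, oct(actual), oct(extra)))
    return sorted(findings)
```

A file that is stricter than the scheme (for example 644 where 755 is allowed) is not reported; only extra bits such as a writable conf_global.php or a world-writable file outside the four folders are.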

#6 rct2∑com

rct2∑com

    Learning By Helping

  • +Clients
  • 7,978 posts

Posted 06 October 2009 - 08:24 AM

I think that it is dangerous to assume that because a domain is hacked, then the 'back door' must be through the IP.Board. Sure ibskin/forums etc is posting about a hack, but it doesn't necessarily mean the attack came through the forums.

For example, a few months back one of the boards I help with started serving up a Trojan virus. An <iframe> had been placed in the skins which were downloading the Trojans through visitors' browsers.

Immediately, we all got worried about the security of IP.Board (v2.3.6 as it happens).

However, after extensive forensic evidence gathering I discovered that the backdoor was on a completely different script on a completely different domain that was run by somebody else on our server.

This forum software creates and updates a lot of files. These files belong to the web server user called 'Apache'. Every script on the server belongs to the same user 'Apache'. So when people find a backdoor where they can upload a hacking script, that script is owned and runs as user 'Apache'. Therefore every file created by a web server script is vulnerable to being attacked, whether it is in the domain being attacked, or otherwise.

This vulnerability is true of ANY web-based scripting engine, and not just IP.Board. You have to rely on the developers of the scripts being as diligent as possible in preventing 'hacks' by injecting nasty commands through their URLs. I have confidence that the folks at InVision have that diligence. What is more, even modders of IP.Board can be reassured that any URLs that they serve up will have the input thoroughly cleaned before it is passed to their code.



 
 
If you'd like to make a donation to thank me for my help, please click here
 
The golden rule of upgrading is to make sure that you know how to get back to where you came from BEFORE you start going forwards. BACKUP, BACKUP, BACKUP.
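
Added example (not part of the post above): a Python check for the kind of injected `<iframe>` the post describes finding in skin templates. It flags frames that are hidden or that load from a host outside an allowlist; the sample template, host names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

# Constructed sample template text: one injected frame, one legitimate one.
SAMPLE = """<div id="header">Board header</div>
<iframe src="http://ads.invalid/x.php" width="0" height="0"></iframe>
<iframe src="/index.php?app=chat" width="600" height="400"></iframe>
<div id="footer">Board footer</div>
"""


class IframeFinder(HTMLParser):
    """Collects (line, reasons) for every iframe that looks injected."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = own_hosts
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if host and host.lower() not in self.own_hosts:
            reasons.append("external src: " + host)
        if a.get("width", "").strip() in TINY or a.get("height", "").strip() in TINY:
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.hits.append((self.getpos()[0], reasons))


def scan_template(text, own_hosts):
    """Return [(line_number, [reasons])] for suspicious iframes in template text."""
    finder = IframeFinder({h.lower() for h in own_hosts})
    finder.feed(text)
    finder.close()
    return finder.hits
```

Because any script running as the shared web server user can rewrite these files, the same scan is worth running over every site on the server, not only the board that showed the symptom.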

#7 .Ian

.Ian

    Needs Life

  • +Clients
  • 6,975 posts

Posted 06 October 2009 - 08:29 AM

Thanks - I didn't see the status post by Evanescence before I posted, but she says it might have been an ex-employee. I hope all is sorted out soon.


Let us hope it was a rogue admin, rather than a hacker.











#8 .Ian

.Ian

    Needs Life

  • +Clients
  • 6,975 posts

Posted 06 October 2009 - 08:35 AM

I think that it is dangerous to assume that because a domain is hacked, then the 'back door' must be through the IP.Board. Sure ibskin/forums etc is posting about a hack, but it doesn't necessarily mean the attack came through the forums.


Agree with you, but in both this case and the previous case it appears that data has been deleted by an admin of some description.

It is either a foolish admin (who would appear in the logs anyway) or the admin accounts are being compromised, so no security would help if that was the case (short of making all decisions via a fellow admin reversible by another admin within a set period of time).







#9 Caelum NimmiŽl

Caelum NimmiŽl

    IPB Member

  • Visitors
  • 59 posts

Posted 06 October 2009 - 09:14 AM

To my (quite extensive, heh) knowledge, Energizer is right; there is no secure forum.

But I also believe IPB is by far the most secure at the moment, assuming you use proper precautions.

The security center in ACP helps with security a great deal though, and I don't know any exploits in IPB myself currently.

Long story short, a hacking isn't necessarily an issue with the software, no, and IPB is the most secure out there at the moment in my opinion, yes ;)

#10 Axel Wers

Axel Wers

    Senatus Populusque Romanus

  • +Clients
  • 3,743 posts

Posted 06 October 2009 - 09:36 AM

Hi,

I see that http://www.ibskin.com/forums have now apparently been hacked.

This follows another third party site for IPB which was hacked about 3 weeks ago.

Is IP.Board safe if these sites are being hacked?

< I will ask my other question via a ticket, just in case it is a backdoor >

Thanks.

Probably a security hole in a custom skin. I am not sure.

FreeSpace - FreeSpace Forum - Twitter - Facebook - WebMiesto
 
Axel Wers, on 28 Nov 2012 - 7:22 PM, said:
iArcade should be regular app in IP.Suite. Currently IPB looks much more social network than common forum. And games are very popular in social networks.


#11 Ryan H.

Ryan H.

    Watch how I soar.

  • +Clients
  • 3,015 posts

Posted 06 October 2009 - 09:39 AM

Probably a security hole in a custom skin. I am not sure.

Things don't work that way.
  • Alex K. likes this

Ryan Hoerr / "No1 1000"

 

IP.Board 3.4 Resources

App Advanced Tags & Prefixes

App Easy Pages

Skin Graphite

Skin Thoreau


#12 .Brian

.Brian

    Needs Hobby

  • +Clients
  • 4,713 posts

Posted 06 October 2009 - 10:05 AM

Cracked not hacked.
  • Green Cat likes this

#13 Michael

Michael

    Meet Jay

  • +Clients
  • 19,587 posts

Posted 06 October 2009 - 10:20 AM

Things don't work that way.

It is actually feasible. IPS might have added a security check into some random form's template in a new release, and the custom skin failed to include that, thus opening a hole for some type of injection or other malicious activity.

Edited by Μichael, 06 October 2009 - 10:20 AM.

  • Axel Wers and Mark like this

Contact Me: Email · Facebook · Twitter · Google+


#14 Ryan H.

Ryan H.

    Watch how I soar.

  • +Clients
  • 3,015 posts

Posted 06 October 2009 - 10:43 AM

It is actually feasible. IPS might have added a security check into some random form's template in a new release, and the custom skin failed to include that, thus opening a hole for some type of injection or other malicious activity.

Any security checks would be server-side and in the source files; them being in the templates would only mean that it could be removed by the client making it utterly useless [that is, the security hole would be there regardless of the state of the skin]. I realize that there are conditionals which are not public-facing, but again, those would not be the final layer of security. The worst that could happen in that regard, that I can see, is that a form key would be mistyped [which there are a couple cases of in prior versions] causing a particular action to not work. Not quite board-compromising caliber.

There is definitely the potential for bad things to happen through custom skins, particularly if the creator includes their own special PHP for whatever purpose, but for a general skin and especially one of Sherri's, I'm pretty sure that would not be the case.
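
Added example (not IP.Board code and not part of the posts above): a Python sketch of a server-side form-key check, showing why a skin that drops or mistypes the field makes the action fail rather than run unchecked. The secret, handler and skin field maps are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # hypothetical per-install secret


def form_key(session_id):
    """Key the server issues for a session; a template only echoes it back."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_delete_post(session_id, submitted):
    """Server-side handler. The check lives here, so no skin can remove it."""
    supplied = submitted.get("form_key", "").encode()
    expected = form_key(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return "rejected"  # fails closed: the action simply does not run
    return "deleted post " + submitted["post_id"]


def submit_via_skin(skin_fields, session_id, post_id):
    """Simulate the form a skin renders: it maps field names to issued values."""
    issued = {"form_key": form_key(session_id), "post_id": post_id}
    return {name: issued[source] for name, source in skin_fields.items()}


# Constructed skins: each maps the field name it emits to the value it carries.
STOCK_SKIN = {"form_key": "form_key", "post_id": "post_id"}
SKIN_WITHOUT_KEY = {"post_id": "post_id"}
SKIN_MISTYPED_KEY = {"from_key": "form_key", "post_id": "post_id"}
```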



#15 Mark

Mark

    I dropped the "iggy"

  • IPS Staff
  • 8,381 posts

Posted 06 October 2009 - 11:33 AM

Any security checks would be server-side and in the source files; them being in the templates would only mean that it could be removed by the client making it utterly useless [that is, the security hole would be there regardless of the state of the skin]. I realize that there are conditionals which are not public-facing, but again, those would not be the final layer of security. The worst that could happen in that regard, that I can see, is that a form key would be mistyped [which there are a couple cases of in prior versions] causing a particular action to not work. Not quite board-compromising caliber.

There is definitely the potential for bad things to happen through custom skins, particularly if the creator includes their own special PHP for whatever purpose, but for a general skin and especially one of Sherri's, I'm pretty sure that would not be the case.


Michael is correct, it is certainly possible, although it's a bit of a long shot.

I don't think it's really appropriate to speculate on what has happened to a particular site - if the owner has concerns they will contact us and we will investigate what happened. At the moment there are no known vulnerabilities in IP.Board's latest supported versions (3.0.3 or 2.3.6).
  • rct2∑com likes this

Mark Wade
Developer



#16 Enkidu

Enkidu

    IP.Badass

  • Members
  • 2,243 posts

Posted 06 October 2009 - 11:38 AM

if the owner has concerns they will contact us and we will investigate what happened.


I thought they already did? hmmm :unsure: maybe it's safe to conclude it was "internal" as eva said. Glad to know that IPB is safe.



#17 bfarber

bfarber

    RBT-KS

  • IPS Management
  • 28,614 posts

Posted 06 October 2009 - 01:05 PM

I thought they already did? hmmm :unsure: maybe it's safe to conclude it was "internal" as eva said. Glad to know that IPB is safe.


If the owner did contact us through the ticket system, we wouldn't be at liberty to share that information, so Mark's statement still stands. We don't really need to divulge whether they have or not. :)

Brandon Farber
Development Manager / Senior Support

If it sounds like fun, it's not allowed on the bus!


Invision Power Services, Inc.




