phpbb hacked, any ideas?

[eclipse]

Hi all,
I hope it wasn't something I did. I used only official phpbb themes.

Anyway, I clicked on the group's bb this morning only to find the following message.

SQL ERROR [ mysqli ]

Table 'beyondfed.phpbb_config' doesn't exist [1146]

An sql error occurred while fetching this page. Please contact an administrator if this problem persists.

Any ideas what has happened and how I can avoid it in future? I'm such a newb!

 

[Cromulent]

phpBB is regularly hacked. It is one of the most vulnerable forum scripts available simply because it is used so much.

Not much you can do other than make sure your server is properly hardened and you have done all you can to protect the config file (if there is one, been a while since I used phpBB).

 

[eclipse]

I'm confused, is phpbb_config an actual file name in phpbb, or is it a line of code somewhere? (Feeling newb again).

 

[angelwatt]

I'm confused, is phpbb_config an actual file name in phpbb, or is it a line of code somewhere? (Feeling newb again).

Just from doing some Google, it looks like phpbb_config is a table name in the database. The error message you provided before says there's a database named beyondfed, have you created that database? I couldn't find anything by that name online, which is why I'm wondering.

I found this thread where someone had the same exact error message, but for a different database name. On that thread the issue was related to the install not being completed properly.

 

[mshepherd]

phpBB is regularly hacked. It is one of the most vulnerable forum scripts available simply because it is used so much.

Not much you can do other than make sure your server is properly hardened and you have done all you can to protect the config file (if there is one, been a while since I used phpBB).

phpBB 3 is not regularly hacked. If you are using an older version you are more prone.

 

[mikeyr0x]

Check with your host and see if they have a good backup of your site that is intact. If they do, then ask them to restore it and upgrade to the newest phbb version immediately afterward.

 

[SrWebDeveloper]

I am experienced at forum setup including phpBB and vB.

Yes it is possible you got hacked, the usual culprit with any phpBB is SQL injection, since it's open source developed and many third party hacks are not standardized:

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

(Wikipedia)

It is technically possible to delete tables using SQL injection due to a combination of insecure PHP code and insecure database privileges for the user being granted access to that database in the connect string.

So here's what you do after your forum is back online running the latest stable version:

1) Immediately change the username and password to access the DB
2) Make sure the phpBB file storing that information is chmod 644
3) Visit the official phpBB bug tracker and upgrade/resolve all issues for your version
4) Only hack using officially approved hacks at http://www.phpbbhacks.com/ as they are tested/better written than those linked to third party sites from the phpBB community help forum.

-jim