Phpbb2 forum hacked

  • Roxy
  • Beginner
  • Beginner
  • User avatar
  • Posts: 63

Post 3+ Months Ago

well our forum got hacked they wiped us out clean from what i heard they used brute force or something is there any security measures i can take now to protect us from this happening again in the future?
  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

How did you get hacked? Was it a vulnerability in the phpBB code itself? If so, you might want to tell them about it (unless they already know, like this vulnerability - http://www.ozzu.com/ftopic36467.html). If it wasn't, then what you should do depends on the circumstances. If they brute-forced an admin's password, then make sure all your admins have passwords that are much harder to guess next time. If it was something else, then you might need to look at how that happened. It's very dependent on what actually happened, really.
  • neksus
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2194
  • Loc: Canada

Post 3+ Months Ago

Well...lets just assume Roxy was right in the assumption they got brute-forced. Basically, what that means, is they kept trying passwords until they got it. Maybe try something thats 16 digits (128 bit) and make it alphanumeric! My email password is that, and its got random stuff thrown in! Nobody is gonna ever guess it! $100 to somebody who does! lol
  • Roxy
  • Beginner
  • Beginner
  • User avatar
  • Posts: 63

Post 3+ Months Ago

so how does that work they just keep guessing and guessing until they got the right password?
  • whatlikesit12345
  • Guru
  • Guru
  • User avatar
  • Posts: 1211

Post 3+ Months Ago

thats basically brute hacking.

they take the admin and then get a password list

ex:

admin:adminisgod
admin:adminisgod1
admin:adminisgod2
admin:adminisgod3
ect
ect
ect

then they run it(the list) through a program and it logs you in, it stops and says the password. not hard. not that i would know. i know friends who do
  • ScienceOfSpock
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1893
  • Loc: Las Vegas

Post 3+ Months Ago

There was an exploit discovered in phpbb 2.0.8 in September. It was patched in 2.0.11.
  • darkermoon
  • Expert
  • Expert
  • User avatar
  • Posts: 542
  • Loc: Riverdale, MD

Post 3+ Months Ago

if it is in fact brute force, could you not incorporate a sort of script to log failed attempts and ban by IP after so many? For all I know, this could already be incorporated in some way. It just seems like this would not be too difficult. Then, if you're worried about the person going through a proxy, you could have it ban everything except for your IP or something to more than regular user access until you enable it again or a set amount of time.. just thoughts.
  • ScienceOfSpock
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1893
  • Loc: Las Vegas

Post 3+ Months Ago

Another good defense against brute force attacks (if you have direct access to the DB) is to simply disable the admin account.
If you need to use it, access the DB, enable it, do your business then disable it again. This way, even if a brute force attack gets a password, the highest access level they would have would be that of a normal user (or moderator, if you use them), not admin.
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1853

Post 3+ Months Ago

Brute force attacks can sometimes happen without actually attempting to login over and over again. If some exploit gives the cracker read access to the database, they can see all the password hashes. Then they can figure out the password for the given hash by a dictionary attack, without having to connect to the site's server over and over again.
  • whatlikesit12345
  • Guru
  • Guru
  • User avatar
  • Posts: 1211

Post 3+ Months Ago

darkermoon wrote:
if it is in fact brute force, could you not incorporate a sort of script to log failed attempts and ban by IP after so many? For all I know, this could already be incorporated in some way. It just seems like this would not be too difficult. Then, if you're worried about the person going through a proxy, you could have it ban everything except for your IP or something to more than regular user access until you enable it again or a set amount of time.. just thoughts.


that would be possible until they get an IP list and run it through. just change their ip evrery 5 tries
  • Mas Sehguh
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1853

Post 3+ Months Ago

You could allow only N login attempts to a given name in a given time period, universally.
  • aeon
  • Graduate
  • Graduate
  • User avatar
  • Posts: 184
  • Loc: Ireland

Post 3+ Months Ago

some bruteforcers, such as L0phtcrack can't bruteforce passwords that contain non-ascii characters, these would be characters which require the use of the 'alt' button such as æ

if your password was bruteforced it means it was a bad password, 14 characters is the minimum it should contain. It should contain characters from the three character sets...

set 1: abcdefghij ABCDEFGHI........
set 2: 012345...
set 3: "^*"£&(")#'@ .... etc

and maybe the non-ascii characters. You should also change your password every month
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

The best security measure is to lock the account after 5 wrong password tries then make people reactivate the account from an email like they do when they sign up.

Phpbb is crap for security though (because everybody uses it)
Chances are they just exploited it and had your password displayed on the forum.

Make sure all patches are applied, even 2.0.11 needs to be patched already. Its easy to get all database info displayed just by typing a crafted url in the browser.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23455
  • Loc: Woodbridge VA

Post 3+ Months Ago

Tip:

Do not use the same username and password for your database as your cPanel login. Likewise, do not use the same username and password for the board admin as either of the two above. As already noted, make your user account an admin account and disable the board default admin account.

You can get in and take control of your board back if any one of the three are compromised. If your cPanel account is compromised, your host can take control of that back and reset your access.

Always do daily backups of your database. You won't be able to completely restore your database if you don't.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

I'm off the opinion that you can and should take all of the above mentioned precautions.

On the other hand I also believe that if someone really wants to get in they will, no matter the restrictions you put in place.

So make it as difficult as possible but never assume that it is safe. As ATNO describes, the only secure option is to back-up your database on a daily basis.

Then when they do wipe you out you can restore the DB and you are up and running again! Then they can wipe you out again and you can restore it again. Then they can wipe you out again and you can restore it again. Then they can wipe you out again and you can restore it again. (Okay I think you get the picture) ;)
  • Jetlag
  • Newbie
  • Newbie
  • Jetlag
  • Posts: 12
  • Loc: Vancouver, Canada

Post 3+ Months Ago

Quote:
Today a lot of Webservers have been hacked by a so called "Net-Worm.Perl.Santy.a". This worm infects certain web sites by exploiting a vulnerability in phpBB. Santy.a is spreading rapidly, and has caused an epidemic. Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine. Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and phtm will be overwritten with the text 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'. Apart from defacing infected sites with this text, the worm has no pay load. It will not infect machines which are used to view infected sites. We recommend that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced.

From http://www.phpbb2.de

Example of a few sites hit
http://beta.search.msn.com/results.aspx?q=%22This+site+is+defaced%21%21%21%22+NeverEverNoSanity&FORM=QBHP
  • ScienceOfSpock
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1893
  • Loc: Las Vegas

Post 3+ Months Ago

Jetlag wrote:
Quote:
Today a lot of Webservers have been hacked by a so called "Net-Worm.Perl.Santy.a". This worm infects certain web sites by exploiting a vulnerability in phpBB. Santy.a is spreading rapidly, and has caused an epidemic. Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine. Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and phtm will be overwritten with the text 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'. Apart from defacing infected sites with this text, the worm has no pay load. It will not infect machines which are used to view infected sites. We recommend that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced.

From http://www.phpbb2.de

Example of a few sites hit
http://beta.search.msn.com/results.aspx?q=%22This+site+is+defaced%21%21%21%22+NeverEverNoSanity&FORM=QBHP


I turned off my forum, not because I don't want to deal with the problem, but because it's the holidays, I don't have time to deal with it.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23455
  • Loc: Woodbridge VA

Post 3+ Months Ago

This is what it will look like if you are victim:

Image
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

go check here for more info
http://www.us-cert.gov/cas/techalerts/TA04-356A.html
from US-CERT Technical Cyber Security
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

Its quite clever really, though wrecking the whole site is stupid.

That link says people should upgrade to 2.0.11 but the highlight exploit is uses is still exploitable in 2.0.11 isnt it? i thought phpbb released a patch for 2.0.11 to deal with it.
  • cubechris
  • Graduate
  • Graduate
  • User avatar
  • Posts: 247
  • Loc: Gloucester, UK

Post 3+ Months Ago

This has happened to be as i was still on 2.0.10, but Google have now been reported to have stopped the worm from using them to find the phpbb forums.

To late for me, also as i am now doing a fresh installation, how come i keep getting the following message:

Code: [ Select ]
phpBB : Critical Error

Could not connect to the database
  1. phpBB : Critical Error
  2. Could not connect to the database
  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

meman wrote:
That link says people should upgrade to 2.0.11 but the highlight exploit is uses is still exploitable in 2.0.11 isnt it? i thought phpbb released a patch for 2.0.11 to deal with it.

No, it's fixed in 2.0.11 - http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=244451. There was a patch to fix older versions, though...
  • cubechris
  • Graduate
  • Graduate
  • User avatar
  • Posts: 247
  • Loc: Gloucester, UK

Post 3+ Months Ago

Can somebody please offer me advice as to what i have done wrong? I cant install my forum!
  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

"Cannot connect to the database" - that can only be caused by a certain number of things. Make sure your username and password are correct, and that you've got the right database server set up. These values should be in config.php.
  • cubechris
  • Graduate
  • Graduate
  • User avatar
  • Posts: 247
  • Loc: Gloucester, UK

Post 3+ Months Ago

anybody willing to help me over Messenger with my instalation?
  • cubechris
  • Graduate
  • Graduate
  • User avatar
  • Posts: 247
  • Loc: Gloucester, UK

Post 3+ Months Ago

Ok ive done the installation up to a point then get this error message:


Code: [ Select ]
An error has occurred during installation
An error occurred trying to update the database
Table 'phpbb_auth_access' already exists
  1. An error has occurred during installation
  2. An error occurred trying to update the database
  3. Table 'phpbb_auth_access' already exists
  • Maedhros
  • Proficient
  • Proficient
  • User avatar
  • Posts: 325
  • Loc: Durham, England

Post 3+ Months Ago

You know, most error messages are designed to be informative. :wink:

In this case the database table already exists, so it can't be created again. You'll have to go into the database with phpMyAdmin or equivalent and remove the table, along with any others that start with phpbb_. Of course, this will remove all the data within that tables, but if you've never used them for phpbb before they'll be empty anyway.
  • George L.
  • Bronze Member
  • Bronze Member
  • George L.
  • Posts: 2209
  • Loc: Malaysia

Post 3+ Months Ago

whatlikesit12345 wrote:
thats basically brute hacking.

they take the admin and then get a password list

ex:

admin:adminisgod
admin:adminisgod1
admin:adminisgod2
admin:adminisgod3
ect
ect
ect

then they run it(the list) through a program and it logs you in, it stops and says the password. not hard. not that i would know. i know friends who do


An example of a brute force program they might have used is some program which was developed using VB. Below is a sample code if you are still wondering how it was built. It is only half the code, not posting full for obvious reason. This I think is my speculation; they might have used different strategy or a combination. It is my curiosity sometimes I try to think what are their motivations to develop tools and learning all these to intrude websites. Anyway, human by nature are always curious as I am. We all are. I am not sure about your friends and where you live in, in me so far, I have never faced anything like that. Maybe I do not even have a popular website. Besides, backing up your database again and again; there are ways that can help cut off risks of getting hacked; at least to minimum, say risk of downtime average per year? I cannot remember that.
Code: [ Select ]
 
Attribute VB_Name = "Module1"
 
Option Explicit
 
Private Const IP_STATUS_BASE = 11000
Private Const IP_SUCCESS = 0
Private Const IP_BUF_TOO_SMALL = (11000 + 1)
Private Const IP_DEST_NET_UNREACHABLE = (11000 + 2)
Private Const IP_DEST_HOST_UNREACHABLE = (11000 + 3)
Private Const IP_DEST_PROT_UNREACHABLE = (11000 + 4)
Private Const IP_DEST_PORT_UNREACHABLE = (11000 + 5)
Private Const IP_NO_RESOURCES = (11000 + 6)
Private Const IP_BAD_OPTION = (11000 + 7)
Private Const IP_HW_ERROR = (11000 + 8)
Private Const IP_PACKET_TOO_BIG = (11000 + 9)
Private Const IP_REQ_TIMED_OUT = (11000 + 10)
Private Const IP_BAD_REQ = (11000 + 11)
Private Const IP_BAD_ROUTE = (11000 + 12)
Private Const IP_TTL_EXPIRED_TRANSIT = (11000 + 13)
Private Const IP_TTL_EXPIRED_REASSEM = (11000 + 14)
Private Const IP_PARAM_PROBLEM = (11000 + 15)
Private Const IP_SOURCE_QUENCH = (11000 + 16)
Private Const IP_OPTION_TOO_BIG = (11000 + 17)
Private Const IP_BAD_DESTINATION = (11000 + 18)
Private Const IP_ADDR_DELETED = (11000 + 19)
Private Const IP_SPEC_MTU_CHANGE = (11000 + 20)
Private Const IP_MTU_CHANGE = (11000 + 21)
Private Const IP_UNLOAD = (11000 + 22)
Private Const IP_ADDR_ADDED = (11000 + 23)
Private Const IP_GENERAL_FAILURE = (11000 + 50)
Private Const MAX_IP_STATUS = 11000 + 50
Private Const IP_PENDING = (11000 + 255)
Private Const PING_TIMEOUT = 200
Private Const WS_VERSION_REQD = &H101
Private Const WS_VERSION_MAJOR = WS_VERSION_REQD \ &H100 And &HFF&
Private Const WS_VERSION_MINOR = WS_VERSION_REQD And &HFF&
Private Const MIN_SOCKETS_REQD = 1
Private Const SOCKET_ERROR = -1
 
Private Const AF_UNSPEC As Integer = 0                    ' unspecified
Private Const AF_UNIX As Integer = 1                      ' local to host (pipes, portals)
Private Const AF_INET As Integer = 2                     ' internetwork: UDP, TCP, etc.
Private Const AF_IMPLINK As Integer = 3                  ' arpanet imp addresses
Private Const AF_PUP As Integer = 4                      ' pup protocols: e.g. BSP
Private Const AF_CHAOS As Integer = 5                    ' mit CHAOS protocols
Private Const AF_IPX As Integer = 6                      ' IPX and SPX
Private Const AF_NS As Integer = AF_IPX                  ' XEROX NS protocols
Private Const AF_ISO As Integer = 7                      ' ISO protocols
Private Const AF_OSI As Integer = AF_ISO                 ' OSI is ISO
Private Const AF_ECMA As Integer = 8                     ' european computer manufacturers
Private Const AF_DATAKIT As Integer = 9                  ' datakit protocols
Private Const AF_CCITT As Integer = 10                    ' CCITT protocols, X.25 etc
Private Const AF_SNA As Integer = 11                      ' IBM SNA
Private Const AF_DECnet As Integer = 12                   ' DECnet
Private Const AF_DLI As Integer = 13                      ' Direct data link interface
Private Const AF_LAT As Integer = 14                      ' LAT
Private Const AF_HYLINK As Integer = 15                  ' NSC Hyperchannel
Private Const AF_APPLETALK As Integer = 16               ' AppleTalk
Private Const AF_NETBIOS As Integer = 17                  ' NetBios-style addresses
Private Const AF_VOICEVIEW As Integer = 18               ' VoiceView
Private Const AF_FIREFOX As Integer = 19                  ' Protocols from Firefox
Private Const AF_UNKNOWN1 As Integer = 20                 ' Somebody is using this!
Private Const AF_BAN As Integer = 21                     ' Banyan
Private Const AF_ATM As Integer = 22                     ' Native ATM Services
Private Const AF_INET6 As Integer = 23                   ' Internetwork Version 6
Private Const AF_CLUSTER As Integer = 24                 ' Microsoft Wolfpack
Private Const AF_12844 As Integer = 25                   ' IEEE 1284.4 WG AF
 
Private Const MAX_WSADescription = 256
Private Const MAX_WSASYSStatus = 128
 
Private Type Inet_address
  Byte4 As Byte
  Byte3 As Byte
  Byte2 As Byte
  Byte1 As Byte
End Type
Private IPLong As Inet_address
 
 
Private Type ICMP_OPTIONS
    Ttl             As Byte
    Tos             As Byte
    Flags           As Byte
    OptionsSize     As Byte
    OptionsData     As Long
End Type
 
Dim ICMPOPT As ICMP_OPTIONS
 
Private Type ICMP_ECHO_REPLY
    Address         As Long
    Status          As Long
    RoundTripTime   As Long
    DataSize        As Long  'formerly integer
  '  Reserved        As Integer
    DataPointer     As Long
    Options         As ICMP_OPTIONS
    data            As String * 250
End Type
 
Private Type HOSTENT
    hName As Long
    hAliases As Long
    hAddrType As Integer
    hLength As Integer
    hAddrList As Long
End Type
 
Private Type WSADATA
    wversion As Integer
    wHighVersion As Integer
    szDescription(0 To MAX_WSADescription) As Byte
    szSystemStatus(0 To MAX_WSASYSStatus) As Byte
    wMaxSockets As Long
    wMaxUDPDG As Long
    dwVendorInfo As Long
End Type
 
Private Declare Function IcmpCreateFile Lib "Icmp.dll" () As Long
Private Declare Function IcmpCloseHandle Lib "Icmp.dll" (ByVal IcmpHandle As Long) As Long
Private Declare Function IcmpSendEcho Lib "Icmp.dll" (ByVal IcmpHandle As Long, ByVal DestinationAddress As Long, ByVal RequestData As String, ByVal RequestSize As Long, ByVal RequestOptions As Long, ReplyBuffer As ICMP_ECHO_REPLY, ByVal ReplySize As Long, ByVal TimeOut As Long) As Long
Private Declare Function WSAGetLastError Lib "WSOCK32.DLL" () As Long
Private Declare Function WSAStartup Lib "WSOCK32.DLL" (ByVal wVersionRequired As Long, lpWSAData As WSADATA) As Long
Private Declare Function WSACleanup Lib "WSOCK32.DLL" () As Long
Private Declare Function gethostname Lib "WSOCK32.DLL" (ByVal szHost As String, ByVal dwHostLen As Long) As Long
Private Declare Function gethostbyaddr Lib "WSOCK32.DLL" (addr As Long, addrLen As Long, addrType As Long) As Long
Private Declare Function inet_addr Lib "WSOCK32.DLL" (ByVal ipaddress$) As Long
Private Declare Sub RtlMoveMemory Lib "KERNEL32" (hpvDest As Any, ByVal hpvSource As Long, ByVal cbCopy As Long)
 
 
Type IP_OPTION_INFORMATION
  Ttl As Byte
  Tos As Byte
  Flags As Byte
  OptionsSize As Long
  OptionsData As String * 128
End Type
 
Public pIPo As IP_OPTION_INFORMATION
 
Type IP_ECHO_REPLY
  Address(0 To 3) As Byte
  Status As Long
  RoundTripTime As Long
  DataSize As Integer
  Reserved As Integer
  data As Long
  Options As IP_OPTION_INFORMATION
End Type
 
Public pIPe As IP_ECHO_REPLY
 
'Winsock
Declare Function gethostbyname& Lib "WSOCK32.DLL" (ByVal hostname$)
 
'Kernel
Declare Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long)
 
Private Function GetStatusCode(Status As Long) As String
 
   Dim msg As String
 
   Select Case Status
      Case IP_SUCCESS:               msg = "ip success"
      Case IP_BUF_TOO_SMALL:         msg = "ip buf too_small"
      Case IP_DEST_NET_UNREACHABLE:  msg = "ip dest net unreachable"
      Case IP_DEST_HOST_UNREACHABLE: msg = "ip dest host unreachable"
      Case IP_DEST_PROT_UNREACHABLE: msg = "ip dest prot unreachable"
      Case IP_DEST_PORT_UNREACHABLE: msg = "ip dest port unreachable"
      Case IP_NO_RESOURCES:          msg = "ip no resources"
      Case IP_BAD_OPTION:            msg = "ip bad option"
      Case IP_HW_ERROR:              msg = "ip hw_error"
      Case IP_PACKET_TOO_BIG:        msg = "ip packet too_big"
      Case IP_REQ_TIMED_OUT:         msg = "ip req timed out"
      Case IP_BAD_REQ:               msg = "ip bad req"
      Case IP_BAD_ROUTE:             msg = "ip bad route"
      Case IP_TTL_EXPIRED_TRANSIT:   msg = "ip ttl expired transit"
      Case IP_TTL_EXPIRED_REASSEM:   msg = "ip ttl expired reassem"
      Case IP_PARAM_PROBLEM:         msg = "ip param_problem"
      Case IP_SOURCE_QUENCH:         msg = "ip source quench"
      Case IP_OPTION_TOO_BIG:        msg = "ip option too_big"
      Case IP_BAD_DESTINATION:       msg = "ip bad destination"
      Case IP_ADDR_DELETED:          msg = "ip addr deleted"
      Case IP_SPEC_MTU_CHANGE:       msg = "ip spec mtu change"
      Case IP_MTU_CHANGE:            msg = "ip mtu_change"
      Case IP_UNLOAD:                msg = "ip unload"
      Case IP_ADDR_ADDED:            msg = "ip addr added"
      Case IP_GENERAL_FAILURE:       msg = "ip general failure"
      Case IP_PENDING:               msg = "ip pending"
      Case PING_TIMEOUT:             msg = "ping timeout"
      Case Else:                     msg = "unknown  msg returned"
   End Select
   
   GetStatusCode = CStr(Status) & "   [ " & msg & " ]"
   
End Function
 
 
Private Function hibyte(ByVal wParam As Long) As Integer
 
    hibyte = wParam \ &H100 And &HFF&
 
End Function
 
 
Private Function lobyte(ByVal wParam As Long) As Integer
 
    lobyte = wParam And &HFF&
 
End Function
 
 
 
  1.  
  2. Attribute VB_Name = "Module1"
  3.  
  4. Option Explicit
  5.  
  6. Private Const IP_STATUS_BASE = 11000
  7. Private Const IP_SUCCESS = 0
  8. Private Const IP_BUF_TOO_SMALL = (11000 + 1)
  9. Private Const IP_DEST_NET_UNREACHABLE = (11000 + 2)
  10. Private Const IP_DEST_HOST_UNREACHABLE = (11000 + 3)
  11. Private Const IP_DEST_PROT_UNREACHABLE = (11000 + 4)
  12. Private Const IP_DEST_PORT_UNREACHABLE = (11000 + 5)
  13. Private Const IP_NO_RESOURCES = (11000 + 6)
  14. Private Const IP_BAD_OPTION = (11000 + 7)
  15. Private Const IP_HW_ERROR = (11000 + 8)
  16. Private Const IP_PACKET_TOO_BIG = (11000 + 9)
  17. Private Const IP_REQ_TIMED_OUT = (11000 + 10)
  18. Private Const IP_BAD_REQ = (11000 + 11)
  19. Private Const IP_BAD_ROUTE = (11000 + 12)
  20. Private Const IP_TTL_EXPIRED_TRANSIT = (11000 + 13)
  21. Private Const IP_TTL_EXPIRED_REASSEM = (11000 + 14)
  22. Private Const IP_PARAM_PROBLEM = (11000 + 15)
  23. Private Const IP_SOURCE_QUENCH = (11000 + 16)
  24. Private Const IP_OPTION_TOO_BIG = (11000 + 17)
  25. Private Const IP_BAD_DESTINATION = (11000 + 18)
  26. Private Const IP_ADDR_DELETED = (11000 + 19)
  27. Private Const IP_SPEC_MTU_CHANGE = (11000 + 20)
  28. Private Const IP_MTU_CHANGE = (11000 + 21)
  29. Private Const IP_UNLOAD = (11000 + 22)
  30. Private Const IP_ADDR_ADDED = (11000 + 23)
  31. Private Const IP_GENERAL_FAILURE = (11000 + 50)
  32. Private Const MAX_IP_STATUS = 11000 + 50
  33. Private Const IP_PENDING = (11000 + 255)
  34. Private Const PING_TIMEOUT = 200
  35. Private Const WS_VERSION_REQD = &H101
  36. Private Const WS_VERSION_MAJOR = WS_VERSION_REQD \ &H100 And &HFF&
  37. Private Const WS_VERSION_MINOR = WS_VERSION_REQD And &HFF&
  38. Private Const MIN_SOCKETS_REQD = 1
  39. Private Const SOCKET_ERROR = -1
  40.  
  41. Private Const AF_UNSPEC As Integer = 0                    ' unspecified
  42. Private Const AF_UNIX As Integer = 1                      ' local to host (pipes, portals)
  43. Private Const AF_INET As Integer = 2                     ' internetwork: UDP, TCP, etc.
  44. Private Const AF_IMPLINK As Integer = 3                  ' arpanet imp addresses
  45. Private Const AF_PUP As Integer = 4                      ' pup protocols: e.g. BSP
  46. Private Const AF_CHAOS As Integer = 5                    ' mit CHAOS protocols
  47. Private Const AF_IPX As Integer = 6                      ' IPX and SPX
  48. Private Const AF_NS As Integer = AF_IPX                  ' XEROX NS protocols
  49. Private Const AF_ISO As Integer = 7                      ' ISO protocols
  50. Private Const AF_OSI As Integer = AF_ISO                 ' OSI is ISO
  51. Private Const AF_ECMA As Integer = 8                     ' european computer manufacturers
  52. Private Const AF_DATAKIT As Integer = 9                  ' datakit protocols
  53. Private Const AF_CCITT As Integer = 10                    ' CCITT protocols, X.25 etc
  54. Private Const AF_SNA As Integer = 11                      ' IBM SNA
  55. Private Const AF_DECnet As Integer = 12                   ' DECnet
  56. Private Const AF_DLI As Integer = 13                      ' Direct data link interface
  57. Private Const AF_LAT As Integer = 14                      ' LAT
  58. Private Const AF_HYLINK As Integer = 15                  ' NSC Hyperchannel
  59. Private Const AF_APPLETALK As Integer = 16               ' AppleTalk
  60. Private Const AF_NETBIOS As Integer = 17                  ' NetBios-style addresses
  61. Private Const AF_VOICEVIEW As Integer = 18               ' VoiceView
  62. Private Const AF_FIREFOX As Integer = 19                  ' Protocols from Firefox
  63. Private Const AF_UNKNOWN1 As Integer = 20                 ' Somebody is using this!
  64. Private Const AF_BAN As Integer = 21                     ' Banyan
  65. Private Const AF_ATM As Integer = 22                     ' Native ATM Services
  66. Private Const AF_INET6 As Integer = 23                   ' Internetwork Version 6
  67. Private Const AF_CLUSTER As Integer = 24                 ' Microsoft Wolfpack
  68. Private Const AF_12844 As Integer = 25                   ' IEEE 1284.4 WG AF
  69.  
  70. Private Const MAX_WSADescription = 256
  71. Private Const MAX_WSASYSStatus = 128
  72.  
  73. Private Type Inet_address
  74.   Byte4 As Byte
  75.   Byte3 As Byte
  76.   Byte2 As Byte
  77.   Byte1 As Byte
  78. End Type
  79. Private IPLong As Inet_address
  80.  
  81.  
  82. Private Type ICMP_OPTIONS
  83.     Ttl             As Byte
  84.     Tos             As Byte
  85.     Flags           As Byte
  86.     OptionsSize     As Byte
  87.     OptionsData     As Long
  88. End Type
  89.  
  90. Dim ICMPOPT As ICMP_OPTIONS
  91.  
  92. Private Type ICMP_ECHO_REPLY
  93.     Address         As Long
  94.     Status          As Long
  95.     RoundTripTime   As Long
  96.     DataSize        As Long  'formerly integer
  97.   '  Reserved        As Integer
  98.     DataPointer     As Long
  99.     Options         As ICMP_OPTIONS
  100.     data            As String * 250
  101. End Type
  102.  
  103. Private Type HOSTENT
  104.     hName As Long
  105.     hAliases As Long
  106.     hAddrType As Integer
  107.     hLength As Integer
  108.     hAddrList As Long
  109. End Type
  110.  
  111. Private Type WSADATA
  112.     wversion As Integer
  113.     wHighVersion As Integer
  114.     szDescription(0 To MAX_WSADescription) As Byte
  115.     szSystemStatus(0 To MAX_WSASYSStatus) As Byte
  116.     wMaxSockets As Long
  117.     wMaxUDPDG As Long
  118.     dwVendorInfo As Long
  119. End Type
  120.  
  121. Private Declare Function IcmpCreateFile Lib "Icmp.dll" () As Long
  122. Private Declare Function IcmpCloseHandle Lib "Icmp.dll" (ByVal IcmpHandle As Long) As Long
  123. Private Declare Function IcmpSendEcho Lib "Icmp.dll" (ByVal IcmpHandle As Long, ByVal DestinationAddress As Long, ByVal RequestData As String, ByVal RequestSize As Long, ByVal RequestOptions As Long, ReplyBuffer As ICMP_ECHO_REPLY, ByVal ReplySize As Long, ByVal TimeOut As Long) As Long
  124. Private Declare Function WSAGetLastError Lib "WSOCK32.DLL" () As Long
  125. Private Declare Function WSAStartup Lib "WSOCK32.DLL" (ByVal wVersionRequired As Long, lpWSAData As WSADATA) As Long
  126. Private Declare Function WSACleanup Lib "WSOCK32.DLL" () As Long
  127. Private Declare Function gethostname Lib "WSOCK32.DLL" (ByVal szHost As String, ByVal dwHostLen As Long) As Long
  128. Private Declare Function gethostbyaddr Lib "WSOCK32.DLL" (addr As Long, addrLen As Long, addrType As Long) As Long
  129. Private Declare Function inet_addr Lib "WSOCK32.DLL" (ByVal ipaddress$) As Long
  130. Private Declare Sub RtlMoveMemory Lib "KERNEL32" (hpvDest As Any, ByVal hpvSource As Long, ByVal cbCopy As Long)
  131.  
  132.  
  133. Type IP_OPTION_INFORMATION
  134.   Ttl As Byte
  135.   Tos As Byte
  136.   Flags As Byte
  137.   OptionsSize As Long
  138.   OptionsData As String * 128
  139. End Type
  140.  
  141. Public pIPo As IP_OPTION_INFORMATION
  142.  
  143. Type IP_ECHO_REPLY
  144.   Address(0 To 3) As Byte
  145.   Status As Long
  146.   RoundTripTime As Long
  147.   DataSize As Integer
  148.   Reserved As Integer
  149.   data As Long
  150.   Options As IP_OPTION_INFORMATION
  151. End Type
  152.  
  153. Public pIPe As IP_ECHO_REPLY
  154.  
  155. 'Winsock
  156. Declare Function gethostbyname& Lib "WSOCK32.DLL" (ByVal hostname$)
  157.  
  158. 'Kernel
  159. Declare Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (hpvDest As Any, hpvSource As Any, ByVal cbCopy As Long)
  160.  
  161. Private Function GetStatusCode(Status As Long) As String
  162.  
  163.    Dim msg As String
  164.  
  165.    Select Case Status
  166.       Case IP_SUCCESS:               msg = "ip success"
  167.       Case IP_BUF_TOO_SMALL:         msg = "ip buf too_small"
  168.       Case IP_DEST_NET_UNREACHABLE:  msg = "ip dest net unreachable"
  169.       Case IP_DEST_HOST_UNREACHABLE: msg = "ip dest host unreachable"
  170.       Case IP_DEST_PROT_UNREACHABLE: msg = "ip dest prot unreachable"
  171.       Case IP_DEST_PORT_UNREACHABLE: msg = "ip dest port unreachable"
  172.       Case IP_NO_RESOURCES:          msg = "ip no resources"
  173.       Case IP_BAD_OPTION:            msg = "ip bad option"
  174.       Case IP_HW_ERROR:              msg = "ip hw_error"
  175.       Case IP_PACKET_TOO_BIG:        msg = "ip packet too_big"
  176.       Case IP_REQ_TIMED_OUT:         msg = "ip req timed out"
  177.       Case IP_BAD_REQ:               msg = "ip bad req"
  178.       Case IP_BAD_ROUTE:             msg = "ip bad route"
  179.       Case IP_TTL_EXPIRED_TRANSIT:   msg = "ip ttl expired transit"
  180.       Case IP_TTL_EXPIRED_REASSEM:   msg = "ip ttl expired reassem"
  181.       Case IP_PARAM_PROBLEM:         msg = "ip param_problem"
  182.       Case IP_SOURCE_QUENCH:         msg = "ip source quench"
  183.       Case IP_OPTION_TOO_BIG:        msg = "ip option too_big"
  184.       Case IP_BAD_DESTINATION:       msg = "ip bad destination"
  185.       Case IP_ADDR_DELETED:          msg = "ip addr deleted"
  186.       Case IP_SPEC_MTU_CHANGE:       msg = "ip spec mtu change"
  187.       Case IP_MTU_CHANGE:            msg = "ip mtu_change"
  188.       Case IP_UNLOAD:                msg = "ip unload"
  189.       Case IP_ADDR_ADDED:            msg = "ip addr added"
  190.       Case IP_GENERAL_FAILURE:       msg = "ip general failure"
  191.       Case IP_PENDING:               msg = "ip pending"
  192.       Case PING_TIMEOUT:             msg = "ping timeout"
  193.       Case Else:                     msg = "unknown  msg returned"
  194.    End Select
  195.    
  196.    GetStatusCode = CStr(Status) & "   [ " & msg & " ]"
  197.    
  198. End Function
  199.  
  200.  
  201. Private Function hibyte(ByVal wParam As Long) As Integer
  202.  
  203.     hibyte = wParam \ &H100 And &HFF&
  204.  
  205. End Function
  206.  
  207.  
  208. Private Function lobyte(ByVal wParam As Long) As Integer
  209.  
  210.     lobyte = wParam And &HFF&
  211.  
  212. End Function
  213.  
  214.  
  215.  

Post Information

  • Total Posts in this topic: 28 posts
  • Users browsing this forum: No registered users and 3 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.