Oh man! What a day! Sorry I can't afford to pay you more for your
help, but I have to pay to get my message boards restored tomorrow.
Grrr. Also, I'm not sure if this will be a lot of work for a
researcher. I think I'm pretty much looking for someone to translate
information I've already found into something I can understand.
My web site is http://www.lunabean.com . The site is fine. The
message boards ( http://www.lunabean.com/cgi-bin/YaBB/YaBB.cgi ),
however, are not. I got to log in today to read that the "Lunaboards"
are now called "H2K". In the "news" section, instead of reading what
video game we're playing, it read something vulgar. I watched as the
hacker erased messages and boards, then proceeded on to members. I
got a hold of our hosts to stop him after a few hundred members were
erased.
Our hosts are telling us that the boards were hacked, not the site.
I'd say all signs point to that. They also said a new vulnerability
came out a couple of days ago for YaBB boards. They told us to look
at www.securityfocus.com. I could only find this:
http://online.securityfocus.com/archive/88/297465 which explains the
"YaBB Login Cross-Site Scripting Vulnerability". However, this
vulnerability has to do with YaBB 1.40 and YaBB 1.41. We're running
the newest version, YaBB 1 Gold - SP 1.1. And, these problems could
be, but don't seem to be what we experienced. We stay cookied and
rarely log in...I'm thinking they got a hold of one of our cookies,
logged in as the admin, and took control from there.
The people at YaBB seem to be dumbfounded. I'm wondering if this is
an IE 6.0 problem. We don't have the latest service pack, and the one
we have seems to have some vulnerabilities, cookie-style.
My questions to you are:
1) Looking at my problem, what do you think happened? Do you think
my IE 6.0 issue is the culprit?
2) What actions should I take to prevent this from happening again?
I'll be around this evening, so if you need more info, please ask.
Thanks!