I've given up using PHPBB3

[apirateslife]

In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case.

After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php.

That didn't help, my server logs show him using the admin directory and "mcp.php".

I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on my server lol.


I suggest everyone using phpbb 3 to back up their sites daily.

I think I'm switching to Simple Machines or just selling the domain.

apirateslife Reviewed by apirateslife on 25th Jun 2008. I've given up using PHPBB3 In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case. After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php. That didn't help, my server logs show him using the admin directory and "mcp.php". I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on Rating: 5

[apirateslife]

No, I'm not keylogged. The FTP is secure SSH is disabled. He's logging in through the phpbb3 admin console the deleting everything from there.

[apirateslife]

Nah, but if he had access to FTP he would've probably defaced my other site that's on the same FTP. The server logs just show him using the front end site, viewing my user profile, then logging in as administrator.

He's probably using a variation of this exploit: http://securitydot.net/xpl/exploits/...1/exploit.html

[JmZ]

FTP/ssh isn't required to deface a whole website..

If someone has a PHP shell on the server they can access SQL and deface the stored skin HTML or, if the permissions allow them to, they can just edit the files.

Script kiddies who use PHP shells can also usually attempt a crack of your password from the forum db so if its the same as your host, they could have full access.

[apirateslife]

No one has any shells on the server. I'm just hosting my sites and a few other people from KWWHunction at the moment.

I know who the person attacking me is, and the reason he's doing it is because I refused to host him and his "scripts" when he contacted me on another forum.

Yeah, he is exploiting the phpbb3 database, that's for sure. I made sure all of my passwords are different for everything.

I'm going to give phpbb3 one more shot. Hopefully he'll get bored and stop, if not I'll just take the site down. It's no big deal, it just gets annoying restoring my site every other day.

[pimpinjg]

change to vbulletin or somethign or other the problem with phpbb is your hashes are not salted or encrytped if u make ur password super long you should be fine and change your passwords for phpmyadmin

[KJThaDon]

try setting up a password on certain directories ie: admin directory
You can do this through cpanel easily

[Babu]

don't blame to phpbb3, there are huge people using phpbb3, but they don't get any problem.

My suggestion: firstly download the sql for back up. then delete the full board. then restore your sql with new password. after that install a fresh phpbb version 3.0.1 copy. then just edit the config file. i hope it will work.

May be he hacked your sql or you may done anything wrong when you add mod.