Activity Stream
48,167 MEMBERS
61058 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Results 1 to 8 of 8
  1.     
    #1
    Member

    Default I've given up using PHPBB3

    In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case.

    After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php.

    That didn't help, my server logs show him using the admin directory and "mcp.php".

    I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on my server lol.


    I suggest everyone using phpbb 3 to back up their sites daily.

    I think I'm switching to Simple Machines or just selling the domain.
    apirateslife Reviewed by apirateslife on . I've given up using PHPBB3 In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case. After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php. That didn't help, my server logs show him using the admin directory and "mcp.php". I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on Rating: 5

  2.   Sponsored Links

  3.     
    #2
    Member
    No, I'm not keylogged. The FTP is secure SSH is disabled. He's logging in through the phpbb3 admin console the deleting everything from there.

  4.     
    #3
    Member
    Nah, but if he had access to FTP he would've probably defaced my other site that's on the same FTP. The server logs just show him using the front end site, viewing my user profile, then logging in as administrator.

    He's probably using a variation of this exploit: http://securitydot.net/xpl/exploits/...1/exploit.html

  5.     
    #4
    (╯?□?)╯︵ ┻━┻
    Website's:
    Xenu.ws WarezLinkers.com SerialSurf.com CracksDirect.com
    FTP/ssh isn't required to deface a whole website..

    If someone has a PHP shell on the server they can access SQL and deface the stored skin HTML or, if the permissions allow them to, they can just edit the files.

    Script kiddies who use PHP shells can also usually attempt a crack of your password from the forum db so if its the same as your host, they could have full access.

  6.     
    #5
    Member
    No one has any shells on the server. I'm just hosting my sites and a few other people from KWWHunction at the moment.

    I know who the person attacking me is, and the reason he's doing it is because I refused to host him and his "scripts" when he contacted me on another forum.

    Yeah, he is exploiting the phpbb3 database, that's for sure. I made sure all of my passwords are different for everything.

    I'm going to give phpbb3 one more shot. Hopefully he'll get bored and stop, if not I'll just take the site down. It's no big deal, it just gets annoying restoring my site every other day.

  7.     
    #6
    Member
    change to vbulletin or somethign or other the problem with phpbb is your hashes are not salted or encrytped if u make ur password super long you should be fine and change your passwords for phpmyadmin

  8.     
    #7
    Member
    Website's:
    thisrapgame.com the-warez.net
    try setting up a password on certain directories ie: admin directory
    You can do this through cpanel easily

    The-Warez

    .com .net .org .info

    ThisRapGame
    .com .net .org .info .us


  9.     
    #8
    Banned
    don't blame to phpbb3, there are huge people using phpbb3, but they don't get any problem.

    My suggestion: firstly download the sql for back up. then delete the full board. then restore your sql with new password. after that install a fresh phpbb version 3.0.1 copy. then just edit the config file. i hope it will work.

    May be he hacked your sql or you may done anything wrong when you add mod.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Hiring] Seo For phpbb3
    By Majky71 in forum Completed Transactions
    Replies: 2
    Last Post: 5th Jun 2011, 07:50 AM
  2. need phpbb3 pro
    By superstar in forum phpBB
    Replies: 3
    Last Post: 23rd Jan 2011, 01:44 PM
  3. I need a phpbb3 mod
    By cgworld in forum Web Development Area
    Replies: 0
    Last Post: 11th Jul 2010, 10:02 AM
  4. PHPBB3 help!!
    By nYXem in forum phpBB
    Replies: 3
    Last Post: 2nd Jun 2010, 02:29 PM
  5. About phpbb3 mod
    By Babu in forum phpBB
    Replies: 1
    Last Post: 29th Aug 2008, 02:25 AM

Tags for this Thread

BE SOCIAL