Results 1 to 8 of 8
-
25th Jun 2008, 10:06 PM #1OPMember
I've given up using PHPBB3
In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case.
After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php.
That didn't help, my server logs show him using the admin directory and "mcp.php".
I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on my server lol.
I suggest everyone using phpbb 3 to back up their sites daily.
I think I'm switching to Simple Machines or just selling the domain.apirateslife Reviewed by apirateslife on . I've given up using PHPBB3 In the past 2 weeks my PHPBB 3 forum has been defaced twice. At first I thought it was because I wasn't using the latest release of PHPBB 3 but that's not the case. After I upgraded to 3.0.1, it still got hacked. I even chmod'd the admin directory so that it is unreadable, and I renamed the mcp.php. That didn't help, my server logs show him using the admin directory and "mcp.php". I don't even know how that's possible, the admin directory was undreadable and there is no mcp.php on Rating: 5
-
26th Jun 2008, 04:08 AM #2OPMember
-
26th Jun 2008, 06:21 AM #3OPMember
Nah, but if he had access to FTP he would've probably defaced my other site that's on the same FTP. The server logs just show him using the front end site, viewing my user profile, then logging in as administrator.
He's probably using a variation of this exploit: http://securitydot.net/xpl/exploits/...1/exploit.html
-
26th Jun 2008, 09:13 AM #4(╯?□?)╯︵ ┻━┻Website's:
Xenu.ws WarezLinkers.com SerialSurf.com CracksDirect.comFTP/ssh isn't required to deface a whole website..
If someone has a PHP shell on the server they can access SQL and deface the stored skin HTML or, if the permissions allow them to, they can just edit the files.
Script kiddies who use PHP shells can also usually attempt a crack of your password from the forum db so if its the same as your host, they could have full access.
-
26th Jun 2008, 10:09 AM #5OPMember
No one has any shells on the server. I'm just hosting my sites and a few other people from KWWHunction at the moment.
I know who the person attacking me is, and the reason he's doing it is because I refused to host him and his "scripts" when he contacted me on another forum.
Yeah, he is exploiting the phpbb3 database, that's for sure. I made sure all of my passwords are different for everything.
I'm going to give phpbb3 one more shot. Hopefully he'll get bored and stop, if not I'll just take the site down. It's no big deal, it just gets annoying restoring my site every other day.
-
22nd Jul 2008, 09:23 PM #6Member
change to vbulletin or somethign or other the problem with phpbb is your hashes are not salted or encrytped if u make ur password super long you should be fine and change your passwords for phpmyadmin
-
23rd Jul 2008, 01:37 AM #7MemberWebsite's:
thisrapgame.com the-warez.net
-
26th Aug 2008, 01:14 PM #8Banned
don't blame to phpbb3, there are huge people using phpbb3, but they don't get any problem.
My suggestion: firstly download the sql for back up. then delete the full board. then restore your sql with new password. after that install a fresh phpbb version 3.0.1 copy. then just edit the config file. i hope it will work.
May be he hacked your sql or you may done anything wrong when you add mod.
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
[Hiring] Seo For phpbb3
By Majky71 in forum Completed TransactionsReplies: 2Last Post: 5th Jun 2011, 07:50 AM -
need phpbb3 pro
By superstar in forum phpBBReplies: 3Last Post: 23rd Jan 2011, 01:44 PM -
I need a phpbb3 mod
By cgworld in forum Web Development AreaReplies: 0Last Post: 11th Jul 2010, 10:02 AM -
PHPBB3 help!!
By nYXem in forum phpBBReplies: 3Last Post: 2nd Jun 2010, 02:29 PM -
About phpbb3 mod
By Babu in forum phpBBReplies: 1Last Post: 29th Aug 2008, 02:25 AM
themaCreator - create posts from...
Version 3.22 released. Open older version (or...