NilsC

Mar 10 2005, 04:51 PM

I moved it here because this is a security issue, not php progrEven though the fix is php programming.

So everyone make sure you have latest version and check your log files

Nils

Reply

Rik©

Mar 10 2005, 07:02 PM

QUOTE(krap @ Mar 10 2005, 06:23 PM)

I got an email today:
[font=Courier]
...Everythings fine. Nothing different at all. Bit stupid sending me that email when they didnt even hack it.......

Check if you still got admin rights and that no admin has been added and update to latest version (2.0.13)
For extra security of your phpBB2 board you can download the phpbb-security mod/hack by aUsTiN --> phpbb-tweaks.com

Greetz,
Rik©

Reply

haron

Mar 11 2005, 10:26 AM

They are not hackers, they are LAMERS, script kiddies.

Reply

krap

Mar 17 2005, 05:15 PM

im not really bothered with that. ive only got 28 members.
Im sure anyone who hacks it is really sad as it's such a small site so they would earn no "respect" for it..
If someone hacked Google for instance they would be known as a hacking god among hackers(or a w**ker among me and loads of other people )
But for my site I dont think the same thing would happen.
I'm sure they would rather hack a busy site and cause disruption..

I cant be bothered to change to 2.13 or whatever it was- it probably has security holes so when someone finds them I'll need to upgrade again.
@php releasing two releases in two days.

Reply

bureX

Mar 17 2005, 11:02 PM

Even with 28 registered users, you shouldn't give some ultra-lamer the pleasure of laming your forum. One user tried to do the same thing when I deleted his post containing some very offensive material on my forum. He tried to use the phpBB exploit that I mentioned, and failed because I upgraded to 2.0.13 already .

Anyway, I hope that the 2.0.13 version is the last security upgrade version, because the phpBB developer team is working hard to release a new version with a bunch of new features, and I would hate to see them be busy with releasing new patches for security holes instead...

Reply

Latest Entries

1. trojan.exploit.phpbb.b - 21.47 hr back. (1)
2. phpbb security austin - 24.78 hr back. (1)
3. phpbb admin control hack 2.0.15 - 37.48 hr back. (1)
4. gaining administrative access phpbb - 44.78 hr back. (1)
5. phpbb 2.0.16 hacking download - 49.26 hr back. (1)
6. how to be admin on phpbb in simple steps! - 76.72 hr back. (2)
7. how to be admin on phpbb in simple steps - 101.31 hr back. (1)
8. how to hack phpbb 2.0.16 exploit - 145.82 hr back. (1)
9. phpbb exploit admin rights - 171.89 hr back. (1)
10. exploit phpbb steal email address - 191.14 hr back. (1)
11. download phpbb security by austin - 229.37 hr back. (1)
12. phpbb2 arabia style - 263.35 hr back. (1)
13. siteboard phpbb account administrator hacken - 305.91 hr back. (1)
14. gain admin access on phpbb - 333.16 hr back. (1)

1. Hackers Rob Best Western Hotel Group, Steal 8m Guest Records

   (1)

2. Hackers Hijack A Half-million Sites: Phpbb Forum Users Must Read

   (8)

   Since January, hackers have hit hit over 500,000 website, with everything you could possible
   imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these
   websites who are getting hit are running PHPBB forum and the worse part is htey don't mention
   which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is
   hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and
   new, but one trojan has been identified and it is the Zlob Trojan or rather variations to th....

3. Hackers Focus Efforts On Firefox, Safari, And Office

   (1)

   QUOTE Many people are switching from Internet Explorer to alternative browsers such as Firefox
   and Safari. Though that might make them feel more secure, the shift has also opened new doors for
   bad guys. Case in point: We have no IE bugs to report this month, but both Firefox and Safari have
   been hit hard. So forget the idea that just because you've switched to a new browser,
   you're magically safer. You may be for a time, but to stay safe with any software, you need to
   keep current with fixes. Firefox Holes In a somewhat dubious recognition of Firefox's....

4. Microsoft Update Program Being Used By Hackers

   (6)

   Although I am bit surprise that no one really take about way back then, but it seems the hackers and
   crackers I starting to use the microsoft update downloading to transmit there malware and torjans to
   compromised computers. The reason being is that the Microsoft update program bypasses firewall
   security protocals and so when that malware is getting download, your firewall and virus programs
   will not pick it up. I know a few people turn it off and either download them manually or don't
   download them at all. So to toss out a warning, when you get he windows update ....

5. Spammers, Hackers Seize On Virginia Tech Shootings

   (3)

   Ok to me I consider the sickest form of human idiots ever, bad enough you have some people mocking
   the shooter but now you got people using spam and hacking computers by using the Virginia Tech
   shootings, This person should be found and beating for using a tragic event like this and trying to
   profit from it. The spam/hack goes like this QUOTE If clicked, the link caused a computer to
   automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which
   installs a Trojan horse program that collects banking details, Cluley said. It was a....

6. Myspace Has A Team Of Hackers

   (7)

   I found this to be very interesting, a group of hackers routinly attack Myspace to find flaws and it
   looks like they have already started finding them /laugh.gif" style="vertical-align:middle"
   emoid=":lol:" border="0" alt="laugh.gif" /> I find it funny that they actually told Myspace that
   they were going to do this, although I doubt they could find them anyways. /laugh.gif"
   style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" /> But again they already
   found one which has to do with the url set up of which I won't post because of the legality o....

7. Phpbb 2.0.18

   Released on the 31st (12)

   To anyone out there using phpBB, the next release has been sent out. Report:
   http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 Download:
   http://www.phpbb.com/downloads.php Additional Download for the Changed Files Only:
   http://www.phpbb.com/files/releases/change...8_repackage.zip I found an error! One of the
   reports was made by myself. Even though it was not a bug, it was about the cosmetic display on the
   index page concerning the subSilver template. As people may have noticed, the ''Mark all
   forums read'' is displayed before you even....

8. [exploit] Phpbb <=2.0.12 Vulnerability.

   How to be Admin on phpBB in Simple steps (2)

   Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
   the forum. Even the admin account is not not secure with the default setup. Click Here for more
   details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
   PHPbb and click here to download the latest version.....

9. [exploit] Phpbb 2.0.15 "viewtopic.php"

   Remote PHP Code Execution Exploit (3)

   phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
   "\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
   print " well, just because there is none." import sys from urllib2 import Request, urlopen from
   urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
   ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
   ,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ....

10. And Again A New Phpbb

    phpBB 2.0.17 (17)

    Again got me a nice email from phpBB group...: QUOTE Hi everyone, phpBB Group announces the
    release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release
    addresses several bugfixes and some low security issues as well as the recently seemingly
    wide-spread XSS issue (only affecting Internet Explorer). Please have a look down this announcement
    for the code changes necessary to fix the XSS issue, we are again astounded about the energy people
    put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. ....

11. Phpbb 2.0.16 Is Out!

    A new version again... (8)

    PhpBB, one of the most popular PHP based forums is here out in the form of a new version - 2.0.16. A
    few critical issues were corrected, but other than that, nothing special... Still waiting for
    Olympus /sad.gif' border='0' style='vertical-align:middle' alt='sad.gif' /> QUOTE Hi
    everyone, phpBB Group announces the release of phpBB 2.0.16. This release addresses some bugfixes
    and one critical security issue. To fix this, please apply the following change: In viewtopic.php
    Find: CODE $message = str_replace('"', '"', substr....

12. Phpbb Upload Script "up.php" Arbitrary File Upload

    (0)

    To: BugTraq Subject: phpBB Upload Script "up.php" Arbitrary File Upload Date: Apr 8 2005 2:21AM
    Author: Status-x Message-ID:
    ##################################################################### Advisory #1 "phpBB Upload
    Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: phr4xz gmail com -
    status-x hackersoft net $ Date: 7 April 2005 $ Website: http://defacers.com.mx $
    Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor
    URL: http://phpbb.com $ Affected Software: phpB....

13. Phpbb 2.0.15 Is Out!

    (15)

    phpBB 2.0.15 is out! It has a few bugfixes and improved security features. Don't wait to be
    a victim of an exploit! You can download it from here: http://www.phpbb.com/downloads.php
    Here is the notification e-mail that I have received: QUOTE("The phpBB team") Hi everyone,
    phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This
    release addresses some bugfixes and addressing some security issues, one being serious. With this
    release the admin re-authentication security feature from phpBB Olympus has been backported....

14. Bugs Found In Phpbb 2.0.13

    PhpBB 2.0.14 released to fix them (8)

    Recently, a few exploits were made for phpBB 2.0.13 (like this one):
    http://lists.virus.org/bugtraq-0503/msg00109.html And some bugs were noticed as well (like this
    one): http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563 And so, the phpBB team has
    released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing
    list: QUOTE(phpBB list) Hi everyone, phpBB Group announces the release of phpBB 2.0.14, the "We
    know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor
    non-critic....

15. Phpbb Exploit

    (17)

    Recently, an exploit has been found out that allows people to use their cookies to gain access to
    the ACP. And Firefox assists with it /ohmy.gif' border='0' style='vertical-align:middle'
    alt='ohmy.gif' /> ! Basically what happens that is when you visitthe phpBB forum, it logs a
    cookie containing your Session ID (Basically who and when you are). What it does, after much
    decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to
    gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! B....

16. Phpbb Exploit

    PhbBB exploits unleashed! (4)

    /laugh.gif' border='0' style='vertical-align:middle' alt='laugh.gif' /> hello Oh
    !!!!! agian PHPBB exploits & bugs phpbb team must /laugh.gif' border='0'
    style='vertical-align:middle' alt='laugh.gif' /> dead check here
    http://k-otik.com/exploits/20050228.phpbbsession.c.php /wink.gif' border='0'
    style='vertical-align:middle' alt='wink.gif' /> for more security use IPB OR VBULLETIN
    /unsure.gif' border='0' style='vertical-align:middle' alt='unsure.gif' /> Thanks Best REgars ,
    liridonahm EDIT : PHPBB EXPLOITS, Trap17 is not responsible ....



Looking for phpbb, hackers