Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

my phpBB forum 'hacked' by some nerdlinger

Options
  • 11-05-2006 11:49pm
    #1
    Dave!
    Closed Accounts Posts: 27,857 ✭✭✭✭


    Hey folks,

    I've been working on a website for a while now, and it's supposed to include a message board. I registered one on phpbb-host.com, but haven't actually done anything with it (created categories, forums, anything), or given it out to anyone.

    Just checked it now and it looks like this:
    http://www2.phpbb-host.com/phpbb/index.php?mforum=irishaccents&sid=42549681a2a187671d6214301c8e336e

    Pretty pathetic indeed...

    Anywho, just wondering how they did it... do they just hang around waiting for new forums to be created? where'd they get the address? did they use some sort of nerd tool to guess the password?

    And is there a more secure, free message board that I can use? I still don't wanna pay out for vB or anythin.

    Thanks


Comments

  • Options
    #2
    thelordofcheese
    Closed Accounts Posts: 4,368 ✭✭✭thelordofcheese


    here is why the forums were hacked, some lazy admin forgot to upgrade.

    also read this thread to see how to get by the 'hacked' frontpage and see if they managed to get any deeper.


  • Options
    #3
    Eoin
    Registered Users Posts: 21,257 ✭✭✭✭Eoin


    The worst thing about the hacked page is that I didn't realise the curse of a <blink> tag STILL works - thought they had gotten rid of that years ago...


  • Options
    #4
    Dave!
    Closed Accounts Posts: 27,857 ✭✭✭✭Dave!


    cheers for that lordofthecheese!

    Is that likely to happen again? I mean, I heard that phpBB is insecure and so on, so is this a regular thing, lameasses wrecking your forum?

    thanks


  • Options
    #5
    DOLEMAN
    Closed Accounts Posts: 850 ✭✭✭DOLEMAN


    Dave, a site I wrote, http://www.staff.ie is based on the PHPBB script (well, the security and session part is.)

    The key is to apply the updates as they occur (every few weeks/months.) I do this and I've never had any problems.

    Also, install this - http://starfoxtj.no-ip.com/phpbb/toolkit/ - it's a handy tool.

    I don't believe vBulletin is necessarily more secure - I just think the people who use vBulletin take their forums more seriously and update regularily. Lots of noobs use PHPBB! :)

    PS Your hack job was most like automated, not actually someone targeting your forum.


  • Options
    #6
    byte
    Moderators, Regional North West Moderators Posts: 19,123 Mod ✭✭✭✭byte
    byte


    About a year ago, my phpBB install was hacked. But not only did it affect phpBB, it affected everything with a .php and .htm* extension which was much worse.

    Luckily, I had a backup of the relevant files, and the database wasn't affected.

    As already said, my phpBB install was compromised simply because it was not updated! Live and learn!


  • Advertisement
Advertisement