phpBB-TweakS
The easiest way to 'tweak' your phpBB!
  
Advanced Search
    
 
Home Downloads FAQ Register FAQ Memberlist Usergroups Ranks
  Log in to check your private messages Log in  
   
 

Please help us to develop!

 
It appears you are using a browser that is not based on Internet Explorer, this means you are not viewing the web as good as you should be. Other browsers might try to immitate Internet Explorer, but none can parse the web as it should like Internet Explorer can. So view the web as it was meant to be with Avant Browser!
         

phpBB-TweakS Forum Index Feedback phpbb-portal.com hacked!
Display posts from previous:   
Half Thread Topic  Fully Thread Topic  Download Topic
      All times are GMT - 5 Hours  
Post new topic  Reply to topic

Thu Mar 17, 2005 9:01 am
Author Message
RikĀ©
New TweakeR
New TweakeR


Joined: 07 Jan 2005
Posts: 9
Words Posted: 300
Average Post: 33.33
Post subject: phpbb-portal.com hacked! Reply with quote
Hi Cool

I just visited phpbb-portal.com and saw it was hacked.
Some a-hole wanted to proof something.... (phpbb-portal runs phpBB2 v2.0.10 with phpBB Security).
He didn't get access to the ACP thanks to the extra .htaccess protection but he managed to login to the forums as aUsTiN.

Maybe aUsTiN (and anyone else running an older version than 2.0.13) should upgrade phpBB-portal.com to v2.0.13 to avoid this things to happen in the future.....

Greetz,
RikĀ©

[edit]here's the topic Arrow http://phpbb-portal.com/viewtopic.php?p=4296#4296
Post #1
      Back To Top  

Thu Mar 17, 2005 5:38 pm
Author Message
RikĀ©
New TweakeR
New TweakeR


Joined: 07 Jan 2005
Posts: 9
Words Posted: 300
Average Post: 33.33
Post subject: Reply with quote
Noticed aUsTiN fixed it and updated phpBB2...

Looks like phpbb-security works, even with forums that are not updated to the latest version Very Happy
Post #2
      Back To Top  

Sun Mar 20, 2005 12:59 pm
Author Message
aUsTiN
Webmaster
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27
Location: USA
Post subject: Reply with quote
Nah, none of my sites are on .13
Post #3
      Back To Top  

Mon Mar 21, 2005 10:55 am
Author Message
vrflyer
100 Club
100 Club


Joined: 10 Jan 2005
Posts: 126
Words Posted: 4,810
Average Post: 38.17
Post subject: Reply with quote
SO how did they "break-in" again ? Shocked
Post #4
      Back To Top  

Mon Mar 21, 2005 7:51 pm
Author Message
aUsTiN
Webmaster
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27
Location: USA
Post subject: Reply with quote
It was a sessions thing, all they did was post. But phpBB Security 1.0.2 patches the sessions crap anyhow.
Post #5
      Back To Top  

Fri Mar 25, 2005 10:09 am
Author Message
Seteo-Bloke
Support Team
Support Team


Joined: 07 Jan 2005
Posts: 34
Words Posted: 1,097
Average Post: 32.26
Post subject: Reply with quote
Was the session exploit used the same thing that the phpbb team ignored when you brought it up on at phpbb.com?
Post #6
      Back To Top  

Fri Mar 25, 2005 2:02 pm
Author Message
aUsTiN
Webmaster
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27
Location: USA
Post subject: Reply with quote
No, the extra = they added in sessions.php fixed it so people cant exploit the autologin bit. What i was posting about was they never reset the user_level, so that can still be done.
Post #7
      Back To Top  

 
         

Post new topic  Reply to topic

phpBB-TweakS Forum Index Feedback phpbb-portal.com hacked!
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

      Back To Top  

Page 1 of 1
Jump to:  
 
Protected by phpBB Security © phpBB-TweakS
phpBB Security Has Blocked 3,237 Exploit Attempts.

· Archive · Sitemap: Index · Sitemap: Forums · Sitemap: Topics · Sitemap: Posts ·

:: [ Load Time: 2.8 Seconds ] :: [ 29 Queries ] :: [ 963 Page(s) Viewed Today ] ::
:: [ Todays Queries: 28,725 ] :: [ Highest Load: 1,396,429 Queries On May. 08, 2007 ] ::
:: [ SQL Load: 62% Time: 1.7 ] :: [ PHP Load: 38% Time: 1.1 ] :: [ Debug: On ] :: [ GZIP: Enabled ] ::
:: The server last rebooted 80 days, 16 hours, 59 minutes, 28 seconds ago. ::
The phpBB[Network]!
       


This page has been viewed 4,927,900 times, last viewed: Sat Sep 06, 2008 1:30 am.
Powered by phpBB 2.0.* © 2001, 2002 phpBB Group
Avalanche style by What Is Real © 2004