phpBB-TweakS

**aUsTiN**

As some of you might have already seen, at some point today a group of people found an exploit & decided to replace the index.php here. I'm not sure yet how they did it or why they did it even, but why does anyone bother to do it.

I have backups of everything, so if something else happens over the next few days while i try to figure it out, we can always back it up.

So maybe they will step up and let me know how they did it so we can try & safeguard from it in the future, but i doubt it.

aUsTiN & Staff

X

i heard time ago there was a big exploit for phpbb-security. And it was not the http_x thing, it was in some hack board called elhacker.net that are in spanish, im member there and one topic from their SMF board was that so i asked for the source but the told me source was a chat in an irc chat so there is notting posted or written. Its just a legend.

You know very well all constituton from PHPBB-security, do you think, and really do you think if there is some exploiy in phpbb-security hack atacks could replace index.php? Or the phpbb_security permissions and code are not enought to create an atack from that magnitude?

Also it could be a new exploit from the PHPBB2.0.21 versions (if you have it, if not from the previous version you have).

Or maybe a failre in server, chmod permissions and things like that. You can see this in your raw_log so you can define exactly what happened.

But if there is a bug in phpbb_security code this must be priority to fix because there will be no time to fix it before atackers publish the exploit and how to use it.

Greets.

**aUsTiN**

There was an exploit in 1.0.1, which was discussed awhile ago & patched the same day.

No i dont use .21 so i doubt its that.

Also, one of the sites that was attacked did not have phpBB Security, did not have phpBB, as a matter of fact it had no files what so ever. Which leads me to believe they used some kind of brute force password cracker. But as of now im still not 100% sure.

X

**foxyone**

the "group" that is doing alot of the attacks posts their exploits and alot of info regarding how they work etc

i found this after mine was attacked n the hackers left a trail

not sure if its wise to post the site so i`ll pm u the addy

**aUsTiN**

The only thing with a PHP based vulnerability, as i said above one of my sites did not have any files, no html's, no php's, etc..

So i dont think the specific one you PM'ed me was my issue, however it could be an issue for others in the future.

To sum it up, make sure your host upgrades your PHP to the latest version.

**foxyone**

i didnt see ur site listed there, where as mine is , so i wasnt sure if it would help or not

but yes i think ur right about it being a problem for others in the future

sorry it wasnt any help and i hope u find out soon what the issue was

foxy

**foxyone**

i apologise for the double post

not sure if u found the answer to this issue or not
but my main forum was hacked 3 days ago ... i was actually on the forum as they was hacking ... so caught the ips 81.213.243.190
85.102.116.111

there was no sign of them on ip tracking anywhere on the forum they went in directly to admin/index.php

foxy

**jsr**

er that's why it's best to have the admin folder protected.

		This page has been viewed 4,930,023 times, last viewed: Sat Sep 06, 2008 5:08 pm.		Powered by phpBB 2.0.* © 2001, 2002 phpBB Group Avalanche style by What Is Real © 2004