Phpbb Exploits?? Am I missing something

ebizcraftsman · #1 07-06-2005, 10:32 PM

Hello,

I have read several posts about an exploit with the phpbb forums. Is there something new out there I need to know about. Also what kind of exploit.. Access to your server, Damage to forums??

Thanks and please let me know.

ReasonSinger · #2 07-06-2005, 10:36 PM

Go to the source and read about the changes.

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011

The latest one is another highlight bug that was inadequately addressed the first time around. Those types of exploits allow people to use the insecure version to grab remote files and execute them on the server. In our experience, UDP flooders and IRC junk is what is usually uploaded.

BaselineAce · #3 07-06-2005, 11:09 PM

If you're aiming for a free forum, SMF is your man.

Jalberts · #4 07-06-2005, 11:37 PM

Do you have a link for SMF?

Thanks.

neb1211 · #5 07-06-2005, 11:49 PM

I believe that the url is http://www.simplemachines.org

Cirtex · #6 07-06-2005, 11:54 PM

Just keep your phpBB updated at all times.

cartika-andrew · #7 07-06-2005, 11:55 PM

Quote:

Originally posted by BaselineAce
If you're aiming for a free forum, SMF is your man.

SMF is a great app - but - still a little problematic for my liking.

Migrating URL's causes all sorts of DB issues - and the DB cleanup utility doesnt always work too well (though overall, this is a pretty nice utility)

Also - I really dont like how there isnt an option to turn off error reporting to the DB - as somthing as simple as password hack attempts can fill up the DB with junk. We had a users DB jump from 5 MB to 300 MB - and really - there was no way to prevent this except to comment out the error reporting....

Having said all this - its a great app - growing strong - great templating features - and not nearly as well known or used as phpbb - which ultimately means less vulnerabilities are found

catfished · #8 07-07-2005, 12:01 AM

Quote:

Originally posted by BaselineAce
If you're aiming for a free forum, SMF is your man.

Very true, SMF is the up and coming winner.

Scotty_B · #9 07-07-2005, 07:58 AM

Quote:

Originally posted by CartikaHosting
Also - I really dont like how there isnt an option to turn off error reporting to the DB - as somthing as simple as password hack attempts can fill up the DB with junk. We had a users DB jump from 5 MB to 300 MB - and really - there was no way to prevent this except to comment out the error reporting....

There is, it's in Edit Features & Options.

Fulk · #10 07-11-2005, 04:58 AM

Hosts Ban phpBB As Security Issues Persist

Leetservs · #11 07-11-2005, 05:06 AM

I'd reccomend just switch forums. Possibly INVISION if you liked the phpBB type panel.

magick · #12 07-11-2005, 11:41 AM

yes phpbb is popular so its vulnerable and if you dont update every morning to make sure youre up to date, you are a target. ive had two forums hacked on phpbb and as much as i like it i wont use it again cause i dont have the time to keep it updated properly.

cartika-andrew · #13 07-11-2005, 11:46 AM

Quote:

I'd reccomend just switch forums. Possibly INVISION if you liked the phpBB type panel.

As a policy, we avoid any application that defaults to p_connect ON.

Quote:

yes phpbb is popular so its vulnerable and if you dont update every morning to make sure youre up to date, you are a target. ive had two forums hacked on phpbb and as much as i like it i wont use it again cause i dont have the time to keep it updated properly.

We had a few sites compromised with these latest exploits - however, its not worth giving up on phpBB - excellent application, well supported, the community responds immediately to any exploits and issues patches.

On that note - suscribe to the phpBB mailing list and you will receive immediate notification of any updates/patches