  1. #1
    Join Date
    May 2003
    Location
    New Hampshire
    Posts
    225

    hacked php forum

    My php forum keeps getting hacked into, any way to stop this? I moved it from one server to another and it keeps happening. I am using the latest script. Help!

  2. #2
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,549
    Which script? Which version? Have you checked the access_logs to see how it's getting "hacked". Are you sure it's not an admin account that's been compromised?

    -Scott
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implementation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: [email protected]

  3. #3
    Join Date
    May 2003
    Location
    New Hampshire
    Posts
    225
    Quote Originally Posted by Scott.Mc
    Which script? Which version? Have you checked the access_logs to see how it's getting "hacked". Are you sure it's not an admin account that's been compromised?

    -Scott
    By an admin account do you mean somebody got my user name and password? I thought of that and I changed the password and they still got in.

    I don't know what version it is, it does not say on the forum. I have been updating it every time a new version comes out. No, have not checked the access logs. I've been looking at the webstats and there are a lot of search queries for "powered by PHP...." so apparently somebody is searching for boards to hack.

  4. #4
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    It could be anything, a vulnerable PHP script that doesn't properly sanitize variables, a form getting hit by spam bots.. please explain.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  5. #5
    What's the name of the forum script? PHPbb? SMF?

  6. #6
    Join Date
    May 2003
    Location
    New Hampshire
    Posts
    225
    Quote Originally Posted by rivka
    What's the name of the forum script? PHPbb? SMF?
    Powered by phpBB 2001, 2005 phpBB Group

  7. #7
    Join Date
    Apr 2005
    Location
    San Francisco, CA
    Posts
    1,029
    Quote Originally Posted by SydneyJen
    Powered by phpBB 2001, 2005 phpBB Group
    phpbb is the WORST script ever - so many security holes that I have never seen in any other php script.

    If you want to enjoy your forum website - do the following:

    1) REMOVE PhpBB

    2) Buy and Install VBulletin

    That's it. Simple.

    Regards

    Steven

  8. #8
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Are you using the latest release available?
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  9. #9
    If you have no money, at least switch to SMF, another free board. However, I still recommend vbulletin.
    Affordable Managed Hosting Solutions for Professional & Business since 2001
    Mxhub.com - Global : USA - UK - Canada - Europe - Asia Pacific


  10. #10
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,948
    phpbb is the WORST script ever - so many security holes that I have never seen in any other php script
    Something of an overstatement there. It's only as good as its latest update, and if done regularly should be reasonably safe. PHPBB is hit more often because it's used more widely, just like Windows. Bigger target.

  11. #11
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    687
    I highly suggest you check out your access_log, it will show you what people are using to exploit you.

    Also, what exactly is happening? It may be another problem.

  12. #12
    Join Date
    Aug 2002
    Location
    here
    Posts
    1,568
    Quote Originally Posted by bear
    Something of an overstatement there. It's only as good as its latest update, and if done regularly should be reasonably safe. PHPBB is hit more often because it's used more widely, just like Windows. Bigger target.
    Also something to keep in mind is that phpbb's code is much easier to get your hands on than some of the paid ones that don't get hacked as often.
    code in hand = easier to exploit
    Dave

  13. #13
    I use freely available, open-source scripts all the time -- forums, CMSs, linking directories, blogs, etc. I've never been hacked like I've been hacked when using PHPbb. It's not just that you have to keep your code up to date -- you have to be seriously vigilant about it, and update your site the second a new release is out, or you WILL be hacked. Frankly, I can't see why anyone would want to use a script that is such a target of hackers. I second the recommendation for vBulletin, or at the very least, use a free forum that is lesser known, and better written. I've looked at the PHPbb code -- it's not very well written, and I can see why they're constantly getting hacked!

  14. #14
    Join Date
    May 2003
    Location
    New Hampshire
    Posts
    225
    Quote Originally Posted by Ramprage
    Are you using the latest release available?
    Yes, I am using the latest release. There is a YABB in cpanel that I have installed, it's supposed to be more secure than the php board. I will give this one a try.

  15. #15
    Join Date
    Jan 2004
    Posts
    1,183
    What's the version of your phpbb?

  16. #16
    Use the latest one. Always know your version number, scan your PC for trojans.

    http://www.phpbb.com/downloads.php

  17. #17
    Join Date
    Mar 2006
    Posts
    418
    Tbh, it sounds more like your PC has a keylogger installed, in which case even the almighty uber secure vbulletin users in this thread will be hacked. I suggest that you scan your local computer before you do anything else.

    Also, please explain what happens when you're getting "hacked" and how long it's been going on for?
    || Semi-professional PHP developer || Exams right now, don't I just feel lucky? ||

  18. #18
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Quote Originally Posted by SydneyJen
    My php forum keeps getting hacked into, any way to stop this? I moved it from one server to another and it keeps happening. I am using the latest script. Help!
    I wonder if by "hacked" you mean defaced - your index page replaced with someone else's? Quite common if the Hoster does not have good security in place. It's better for the Hoster to provide certain types of hacker protection, Server-wide, than for a Client to try and set something up themselves.

    I suggest you contact your Hoster and ask if they have mod_security installed.
    If no and they won't install then find a Hoster that does use it.
    If yes then ask if they can add these Rules:

    # phpBB: General protection

    SecFilterSelective SCRIPT_FILENAME "viewtopic\.php$" chain
    SecFilterSelective ARG_highlight "%27"

    # Exploit phpBB Highlighting SQL Injection
    SecFilter "&highlight='\.mysql_query\("

    # Exploit phpBB Highlighting Code Execution - Santy.A Worm
    SecFilter "&highlight='\.fwrite\(fopen\("

    # Exploit phpBB Highlight Exploit Attempt
    SecFilter "&highlight=\x2527\x252Esystem\("

    # phpbb XSS
    SecFilterSelective REQUEST_URI "/posting\.php\?mode=reply\&t=.*userid.*phpbb2mysql_t=(<[[:space:]]*script|(http|https|ftp)\:/)"

    # phpbb XSS
    SecFilterSelective REQUEST_URI "/posting\.php\\?.*(<[[:space:]]*script|(http|https|ftp)\:/)"

    # More PHPBB worms
    SecFilter "^/viewtopic\.php\?" chain
    SecFilter "chr\(([0-9]{1,3})\)"

    # another variation of the PHPBB worm sigs
    SecFilterSelective THE_REQUEST "viewtopic\.php" chain
    SecFilterSelective "THE_REQUEST|ARG_VALUES" "(passthru|cmd|fopen|exit|fwrite)"

    # phpbb Session Cookie
    SecFilterSelective COOKIE_sessionid "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"
    SecFilter "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"


    The above is great protection to stop any version of phpBB from the most common hacks.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available
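
Several replies recommend checking access_log, and the rules in the last post show which markers the phpBB `highlight` requests carry. As an added example (not code from any poster in this thread), the Python below scans Apache access-log lines for those markers after one round of URL decoding. The log lines are constructed, and the check names and the requirement of a trailing `(` after function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache common/combined log line: client IP and the quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')

# Checks modelled on the rules quoted in the thread, applied to the query
# string after ONE round of URL decoding. Check names are made up here.
CHECKS = [
    ("highlight-quote", re.compile(r"[?&]highlight=[^&]*(%27|')", re.I)),
    ("chr-obfuscation", re.compile(r"chr\(\d{1,3}\)", re.I)),
    ("php-function", re.compile(r"(passthru|system|fopen|fwrite)\(", re.I)),
]

def scan(lines):
    """Return [(client_ip, [check names])] for suspicious viewtopic.php hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, _method, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("viewtopic.php"):
            continue
        # A doubly encoded quote (%2527) becomes %27 after one decode.
        decoded = unquote("?" + parts.query)
        labels = [name for name, rx in CHECKS if rx.search(decoded)]
        if labels:
            hits.append((ip, labels))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder payloads).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] '
    '"GET /viewtopic.php?t=5&highlight=forum HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] '
    '"GET /viewtopic.php?t=5&highlight=%2527%252Esystem(PLACEHOLDER) HTTP/1.0" 200 812',
    '198.51.100.8 - - [01/Jan/2006:10:00:09 +0000] '
    '"GET /viewtopic.php?t=5&highlight=%2527%252Echr(99)%252Echr(100) HTTP/1.0" 200 812',
    '192.0.2.11 - - [01/Jan/2006:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE):
        print(ip, ",".join(labels))
```

A hit that was answered with status 200 on an unpatched board is worth following up in the logs for what the same client requested next.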
