Results 1 to 18 of 18
Thread: hacked php forum
-
12-13-2006, 05:25 PM #1Junior Guru
- Join Date
- May 2003
- Location
- New Hampshire
- Posts
- 226
hacked php forum
My php forum keeps getting hacked into, any way to stop this? I moved it from one server to another and it keeps happening. I am using the latest script. Help!
-
12-13-2006, 05:39 PM #2Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Which script? Which version? Have you checked the access_logs to see how it's getting "hacked". Are you sure it's not an admin account that's been compromised?
-ScottServer Management - AdminGeekZ.com
Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com
-
12-13-2006, 05:50 PM #3Junior Guru
- Join Date
- May 2003
- Location
- New Hampshire
- Posts
- 226
Originally Posted by Scott.Mc
I don't know what version it is, it does not say on the forum. I have been updating it every time a new version comes out. No, have not checked the access logs. I've been looking at the webstats and there are a lot of search queries for "powered by PHP...." so apparantly somebody is search for boards to hack.
-
12-13-2006, 05:51 PM #4Keep rockin' in the free world
- Join Date
- May 2002
- Location
- Kingston, Ontario
- Posts
- 1,588
It could be anything, a vulnerable PHP script that doesn't properly sanitize variables, a form getting hit by spam bots.. please expalin.
-
12-13-2006, 05:56 PM #5Junior Guru Wannabe
- Join Date
- Nov 2001
- Posts
- 65
What's the name of the forum script? PHPbb? SMF?
-
12-13-2006, 09:10 PM #6Junior Guru
- Join Date
- May 2003
- Location
- New Hampshire
- Posts
- 226
Originally Posted by rivka
-
12-13-2006, 09:17 PM #7Web Hosting Master
- Join Date
- Apr 2005
- Location
- San Francisco, CA
- Posts
- 1,031
Originally Posted by SydneyJen
If you want to enjoy your forum website - do next:
1) REMOVE PhpBB
2) Buy and Install VBulletin
That it. Simple.
Regards
Steven
-
12-13-2006, 10:02 PM #8Keep rockin' in the free world
- Join Date
- May 2002
- Location
- Kingston, Ontario
- Posts
- 1,588
Are you using the latest release available?
-
12-13-2006, 10:19 PM #9Web Hosting Master
- Join Date
- May 2001
- Posts
- 2,167
If you have no money, at least switch to SMF, another free board. However, i still recommend vbulletin.
Affordable Managed Hosting Solutions for Professional & Business since 2001
Mxhub.com - Global : USA - UK - Canada - Europe - Asia Pacific
-
12-13-2006, 11:13 PM #10phpbb is the WORST script ever - so many security holes that I never seen in any other php script
-
12-13-2006, 11:14 PM #11Web Hosting Master
- Join Date
- Jul 2004
- Location
- Texas
- Posts
- 688
I highly suggest you check out your access_log, it will show you what people are using to exploit you.
Also, what exactly is happening? It may be another problem.
-
12-13-2006, 11:18 PM #12Web Hosting Master
- Join Date
- Aug 2002
- Location
- here
- Posts
- 1,566
Originally Posted by bear
code in hand = easier to exploitDave
-
12-14-2006, 01:29 AM #13Newbie
- Join Date
- Feb 2003
- Posts
- 12
I use freely available, open-source scripts all the time -- forums, CMSs, linking directories, blogs, etc. I've never been hacked like I've been hacked when using PHPbb. It's not just that you have to keep your code up to date -- you have to be seriously vigilant about it, and update your site the second a new release is out, or you WILL be hacked. Frankly, I can't see why anyone would want to use a script that is such a target of hackers. I second the recommendation for vBulletin, or at the very least, use a free forum that is lesser known, and better written. I've looked at the PHPbb code -- it's not very well written, and I can see why they're constantly getting hacked!
-
12-18-2006, 12:44 AM #14Junior Guru
- Join Date
- May 2003
- Location
- New Hampshire
- Posts
- 226
Originally Posted by Ramprage
-
12-23-2006, 06:46 PM #15Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 1,184
What's the version of your phpbb?
-
12-23-2006, 08:45 PM #16Junior Guru Wannabe
- Join Date
- Nov 2006
- Posts
- 60
use the latest one. Allways know your version number, scan your PC for trojans.
http://www.phpbb.com/downloads.php
-
12-25-2006, 12:22 PM #17Aspiring Evangelist
- Join Date
- Mar 2006
- Posts
- 421
Tbh, it sounds more like your PC has a keylogger installed, in which case even the all mighty uber secure vbulletin users in this thread will be hacked I suggest that you scan your local computer before you do anything else.
Also, please explain what happens when you're getting "hacked" and how long it's been going on for?|| Semi-professional PHP developer || Exams right now, don't I just feel lucky? ||
-
12-25-2006, 01:11 PM #18learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Originally Posted by SydneyJen
I suggest you contact your Hoster and ask if they have mod_security installed.
If no and they wont' install then find a Hoster that does use it.
If yes then ask if they can add these Rules:
# phpBB: General protection
SecFilterSelective SCRIPT_FILENAME "viewtopic\.php$" chain
SecFilterSelective ARG_highlight "%27"
# Exploit phpBB Highlighting SQL Injection
SecFilter "&highlight='\.mysql_query\("
# Exploit phpBB Highlighting Code Execution - Santy.A Worm
SecFilter "&highlight='\.fwrite\(fopen\("
# Exploit phpBB Highlight Exploit Attempt
SecFilter "&highlight=\x2527\x252Esystem\("
# phpbb XSS
SecFilterSelective REQUEST_URI "/posting\.php\?mode=reply\&t=.*userid.*phpbb2mysql_t=(<[[:space:]]*script|(http|https|ftp)\:/)"
# phpbb XSS
SecFilterSelective REQUEST_URI "/posting\.php\\?.*(<[[:space:]]*script|(http|https|ftp)\:/)"
# More PHPBB worms
SecFilter "^/viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)"
# another variation of the PHPBB worm sigs
SecFilterSelective THE_REQUEST "viewtopic\.php" chain
SecFilterSelective "THE_REQUEST|ARG_VALUES" "(passthru|cmd|fopen|exit|fwrite)"
# phpbb Session Cookie
SecFilterSelective COOKIE_sessionid "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"
SecFilter "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D"
The above is great protection to stop any version of phpBB from the most common hacks.• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available