[Solved] Hacker!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
SK
Registered User
Posts: 483
Joined: Sat Jan 26, 2002 11:55 pm
Location: Nottingham, UK

Post by SK » Wed Jun 12, 2002 6:48 pm

Falco1199 wrote: I've changed my password about a million times.
I've been trying to get 2.0.1 working. You're so friggin lucky!!


Not really, we paid for our host, that's the difference.

R45
Registered User
Posts: 2830
Joined: Tue Nov 27, 2001 10:42 pm

Post by R45 » Wed Jun 12, 2002 6:59 pm

qwarth wrote: a little piece of advice that I don't think anybody has mentioned... turn off html in signatures and posts.

people can add nasty attachments such as javascript, flash files, shockwave etc to postings.

a good hacker could harvest cookies from your regular users... and use any of their logins to get in... including yours. every time you change your password, he/she could in theory get your new cookie.

s010 did it to gurn.com and dogsonacid.com, messed with the moderators and admin, it was funny. but he is a hacker with a sense of humor, some are not as nice.

Uhh no... HTML is limited to the tags you allow...

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Wed Jun 12, 2002 7:41 pm

OK I'm busy setting up on SpacePorts.

However, I'm having a problem on my forum. The .htaccess file is not letting me into the admin panel on IE. My IP on IE isn't static, and the only thing that stays is 172. I also wanted to let my AOL address in, so here's my .htaccess file:

Code:

Order deny,allow
Deny from all
Allow from 172
Allow from 205.188.200.191

Is something wrong??
:-D
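
An added example, not part of the original posts: a small evaluator for the Order/Allow/Deny rules in the .htaccess above, showing which client addresses it admits and how many addresses each Allow line covers. It assumes Apache's documented partial-IP matching (1 to 3 leading octets) and does not handle hostname specs; the function names are hypothetical.

```python
import ipaddress

# The .htaccess from the post above (sample input).
HTACCESS = """\
Order deny,allow
Deny from all
Allow from 172
Allow from 205.188.200.191
"""

def to_network(spec):
    """Host spec -> IPv4 network: 'all', CIDR, full or partial (1-3 octet) address."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def parse(text):
    """Return (order, allow_networks, deny_networks)."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        directive = words[0].lower()
        if directive == "order":
            order = words[1].lower()
        elif directive in ("allow", "deny") and words[1].lower() == "from":
            nets = [to_network(w) for w in words[2:]]
            (allow if directive == "allow" else deny).extend(nets)
    return order, allow, deny

def is_allowed(client, rules):
    order, allow, deny = rules
    ip = ipaddress.ip_address(client)
    allowed = any(ip in n for n in allow)
    denied = any(ip in n for n in deny)
    if order == "deny,allow":        # Allow overrides Deny; default is allow
        return allowed or not denied
    return allowed and not denied    # allow,deny: Deny wins; default deny

def exposure(rules):
    """Number of IPv4 addresses each Allow entry admits."""
    return {str(n): n.num_addresses for n in rules[1]}
```

For the file above, `Allow from 172` admits the whole 172.0.0.0/8 block (16,777,216 addresses), so the admin panel is only as restricted as that range is.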

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Wed Jun 12, 2002 9:03 pm

For now, use one or the other. I'll look into it but I think it's 172, 207.etc.etc.etc
Proven Offensive Security Expertise. OSCP - GXPN

SK
Registered User
Posts: 483
Joined: Sat Jan 26, 2002 11:55 pm
Location: Nottingham, UK

Post by SK » Wed Jun 12, 2002 9:45 pm

*beep* that avatar, it's driving me nuts

Edited by moderator

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Thu Jun 13, 2002 1:42 am

Techie-Micheal wrote: For now, use one or the other. I'll look into it but I think it's 172, 207.etc.etc.etc


205 not 207 but whatever. I'll change it. Post back whenever you find out for sure :-D.
:-D

roly
Registered User
Posts: 775
Joined: Fri Jan 04, 2002 7:13 am
Location: Australia

Post by roly » Thu Jun 13, 2002 5:47 am

Falco1199 wrote: OK I'm busy setting up on SpacePorts.

However, I'm having a problem on my forum. The .htaccess file is not letting me into the admin panel on IE. My IP on IE isn't static, and the only thing that stays is 172. I also wanted to let my AOL address in, so here's my .htaccess file:

Code:

Order deny,allow
Deny from all
Allow from 172
Allow from 205.188.200.191

Is something wrong??

spaceports bans .htaccess

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Thu Jun 13, 2002 12:32 pm

On your toes again, huh roly? :P I had forgotten that they only allow .htaccess for password protection. . .
Proven Offensive Security Expertise. OSCP - GXPN

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Thu Jun 13, 2002 3:09 pm

Umm... should I not use Spaceports then? The error roly quoted was on Lycos though...
:-D

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Thu Jun 13, 2002 3:18 pm

Yes, you should use spaceports, they are better by far. :) If that error was on Lycos, try putting a , between the two IPs instead of a line break.
Proven Offensive Security Expertise. OSCP - GXPN

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Fri Jun 14, 2002 3:30 pm

OK, I'm trying to get things working on SpacePorts. I uploaded, but when I go to the forum, I see:

Code:

phpBB : Critical Error

Could not query config information

I figure this is a problem with my config.php script. Here is what I have:

Code:

<?php

//
// phpBB 2.x auto-generated config file
// Do not change anything in this file!
//

$dbms = "mysql";

$dbhost = "localhost";
$dbname = "cgalaxy";
$dbuser = "cgalaxy";
$dbpasswd = "(my password here)";

$table_prefix = "phpbb_";

define('PHPBB_INSTALLED', true);

?>

I tried switching localhost to the FTP address, cgi-bin.spaceports.com, but it didn't seem to work... Can you tell my problem?
:-D

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Fri Jun 14, 2002 3:56 pm

It sounds like a missing config table. . . Upload phpMyAdmin, make it secure by using http or cookie method and check to see if phpbb_config is there and populated correctly. There should be 59 records.
Proven Offensive Security Expertise. OSCP - GXPN

geoffs
Registered User
Posts: 8
Joined: Thu Apr 25, 2002 6:38 pm

Okay...

Post by geoffs » Fri Jun 14, 2002 8:21 pm

Okay... You might say that I am interested in 'Advanced Computing' and there is absolutely no way to stop someone from visiting your forums, if they know what they're doing...

Simply put, if you ban IPs (Example) 255.*.*.* They can still use something called a 'Proxy Server'... Basically you connect to a computer with a different IP, like 254.*.*.* and then go to your Forum, as you haven't blocked it... So unless you plan on blocking ALL IPs possible, they will always be able to access it.... BTW: This is pretty common knowledge;)

Also, please state ALL mods that you have installed, because as someone else put, even though phpBB2 is pretty secure, a misconfigured MOD, (or even phpBB, if you set the permissions wrong) could give any access to the AdminCP, or even the server's ROOT...

Lycos UK is what I use, and it is satisfactory for me;) I have a MOD'ed version of 2.0.1 (or whatever the latest version is)... If you tried to install 2.0.1 with a MOD, make sure you have made the required changes to the Database, which would cause the error you specified if you had forgotten.

I have found a few Security holes in phpBB mods, but I informed the scripter, and I believe the latest version of all the mods have fixed them...

Don't worry, for those of you who know what this means, I'm White Hat... Which means I don't go around ruining and destroying things, but rather try to fix them;)

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Sat Jun 15, 2002 5:44 pm

OK Something really weird is happening w/ these forums... I KNOW I responded after:
Yes, you should use spaceports, they are better by far. If that error was on Lycos, try putting a , between the two IPs instead of a line break.


But that's the last message I see. What's wrong?? Does anyone else see my message?? :(
:-D

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Sat Jun 15, 2002 5:50 pm

OK Now I see the responses. I don't know how many times I'll have to say I have NO mods. I should probably put it in my sig...

I just realized; there probably isn't a phpBB table on the database; I haven't put back the database I backed up from the old forums yet. Can I use phpMyAdmin to put it in? What do you mean by "http or cookie method"?

Thanks.
:-D
