This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
My Forum's stats:
- v2.0.13
- Mods installed: Skype Me! Button (my own creation)
- Templates installed: FiSubGreen (I've removed the SubSilver one)
The problem:
- The default template was overwritten (in the database only!)
- I've checked the database, and I saw that inside the prefix_themes table my template (FiSubGreen) was deleted and two other (none-available) templates were inserted, those were SubSilver and Fi Black (or something like that). In the row of Fi Black, there was, in the field style_name, some sort of code/sql-injection. (I forgot to copy it, but it was clearly some injection)
- This caused a critical error ("stylesheet not found") on the forum.
- I've manually inserted the template FiSubGreen again and deleted the others ...
- I think this happened while somebody registered ...
you must not have been completely upgraded to 2.0.13, this exploit was closed in that version. you will have to clean your database of all the traces of the hack and check for any unknown admins or restore from a backup from before the hack. then make sure you have a completely updated version of phpbb