well i had the same kinda thing but my site was over run...accounts taken the kid made himself admin
I am sorry to hear that. I take it your board was not updated to the latest version? It's absolutely critical that phpBB admins keep their boards bang up to date. The phpBB developers do their bit by releasing new versions as soon as a vulnerability is reported and support us well beyond the call of duty. I feel that the least we
can do is to keep our boards bang up to date at all times. I hope you get it back.
If it is hidden, he is most likeley seeing a login screen (and it might even be a bot).
I assure you it is hidden. It did occur to me that it might have been a bot as Google were madly crawling the board all day yesterday. But the IP is not one that I know Google or any other SE to use. That's what worried me.
Are you saying that the ACP will show a guest browsing a hidden forum even though all they
are seeing is a login screen? The ACP showed that IP browsing that hidden forum for fifteen minutes. Isn't that rather a long time to be viewing a login screen?
You COULD try scanning the account with my toolkit to see if any extra admin accounts exist.
Thank you, but firing up phpMyadmin was the first thing I did. There are no extra admin accounts. Also the board is at version 2.0.14 and I'm not using AWstats, so in theory there shouldn't be any way to hack into it, should there?
So..to repeat my questions: what AM
I seeing and should I be worried that a guest is able to access a private, hidden forum, access to which is restricted to mods and admins only?