phpBB exploited to access files?

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
ohlookitspaul
Registered User
Posts: 27
Joined: Fri Dec 16, 2005 5:05 am


Post by ohlookitspaul »

My website keeps on getting "malicious files" uploaded to it somehow to my images folder. After talking to my webhost, I was told that it might be a problem where I have what he called an "exploited forum" in which someone is able to upload files to my website somehow. Has this happened to anyone else? How did you fix it?

manojm
Registered User
Posts: 762
Joined: Sat Apr 15, 2006 4:04 am

Post by manojm »

Please give these details...
Your Forum's URL:
Your phpBB version number:
Any MODs installed:
When this started:

ohlookitspaul
Registered User
Posts: 27
Joined: Fri Dec 16, 2005 5:05 am

Post by ohlookitspaul »

forum: www.hatesomethingbeautiful.com/chat/

version: version 2.0.20

mods: custom title for quote boxes, multiple bbcode, rss content, extreme styles, youtube video, view pm, simple quickreply, easy botstopper, center bbcode, bbcode strikethrough, avatars viewable only after login

this started happening on August 17th. I hadn't installed any mods for about a couple of weeks before that so I don't think it's an improperly installed mod.

morestuff
Registered User
Posts: 816
Joined: Sun Aug 20, 2006 6:19 am

Post by morestuff »

change the chmod on your images folder to 755 if it is set to 777

you do not need the images folder set to 777 for avatars, just the avatars folder.

try that.

other than that, it could be a mod that has exploitable files in it.

but it is not phpbb.

it's most likely your host has out-of-date or insecure files on the server.

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Since v2.0.20 of phpBB doesn't have any file upload capabilities EXCEPT the avatars (normally disabled), I'd have your host change your FTP password, as well as making sure that no directories that do not require it are writable EXCEPT via FTP. I'd specifically set the permissions on images to 755, as suggested.
Jeff
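
The permission advice in this thread, as an added audit script (not part of any post and not phpBB code): it lists world-writable directories other than `images/avatars` and flags script-like files under `images/`. The stock phpBB2 layout (`images/` with `images/avatars` as the only upload directory), the extension list and the example path are assumptions.

```shell
#!/bin/sh
# Added example: audit a phpBB 2.0.x tree for the issues discussed in this thread.
# Assumption: stock layout, i.e. <root>/images and <root>/images/avatars.

# Print every world-writable (o+w) directory under the forum root,
# except the avatar upload directory, which the thread says may stay 777.
world_writable_dirs() {
    root=${1%/}                      # tolerate a trailing slash
    find "$root" -type d -perm -0002 ! -path "$root/images/avatars" | sort
}

# Print files under images/ that a web server could execute or that change
# how the directory is served. An image folder should contain none of these.
# The extension list is an assumption; extend it to match the server's handlers.
suspicious_image_files() {
    root=${1%/}
    find "$root/images" -type f \( \
        -iname '*.php*' -o -iname '*.phtml' -o -iname '*.pl' \
        -o -iname '*.cgi' -o -iname '.htaccess' \) | sort
}

# Apply the fix suggested in the thread: images/ becomes 755.
tighten_images_dir() {
    root=${1%/}
    chmod 755 "$root/images"
}

# Usage: ./audit.sh /path/to/forum   (path is a placeholder)
if [ "$#" -ge 1 ]; then
    echo "World-writable directories (other than images/avatars):"
    world_writable_dirs "$1"
    echo "Script-like files under images/:"
    suspicious_image_files "$1"
fi
```

Anything the second list reports should be reviewed and removed before the permissions are tightened, since files already uploaded stay in place after the `chmod`.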
