phpbb 3 forum: EASY TO HACK

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide

phpbb 3 forum: EASY TO HACK

Postby d_uff » Sun Apr 06, 2008 2:36 am

Well my friends, my site has been hacked and all posts had gone :cry: I've tried to upload my backup (made by admin panel) but nothing seems to work, you can see some posts in te viewforum page, but entering the topic it says it doesn't exist :roll:

the matter here is... many people told me there are many many ways to HACK phpbb 3.0 because of cache, spiders and many other features, for example, my forum was hacked just reviewing google's cached pages directing my board :x

I THOUGHT it was the best forum, I'm sorry to say I was in a gr8 mistake.

Free things many times are more expensive :cry:
Last edited by Noxwizard on Sun Apr 06, 2008 2:40 am, edited 1 time in total.
Reason: No need for colored and large text
d_uff
Registered User
 
Posts: 33
Joined: Thu Nov 10, 2005 11:43 am

Re: phpbb 3 forum: EASY TO HACK

Postby Noxwizard » Sun Apr 06, 2008 2:58 am

phpBB3 has no known vulnerabilities in it. Most likely your sources were misinformed. The most common reason for things like this happening are that there's outdated scripts running elsewhere (like a blog, news, etc..), that the server is poorly configured, that there's a compromised account on the server, and so on.

Having said that, we always like to look into the matter, so please follow these directions:
My board has been hacked, what do I do? wrote:Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Hosting Services - The Business Helpdesk.com, Inc.
Do not contact me for private support, please share the question in our forums.
User avatar
Noxwizard
Support Team Leader
Support Team Leader
 
Posts: 9538
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: phpbb 3 forum: EASY TO HACK

Postby Hiram1 » Sun Apr 06, 2008 8:26 am

Hey d_uff,

Starting an "I've Been Hacked" thread raises red flags, and makes folks nervous and possibly say, "Oh Gawd I just made a phpbb 3 board and now it's easy to hack"... please make certain that you have actually been hacked, before posting things like this.

Like Noxwizard said, chances are if you were really hacked, it was not the fault of phpbb 3, more likely other scripts you have installed, or something you got through your host.

I would also consider the possibility that an admin may have made a boo boo while in your control panel, maybe while doing some clean up or installing a MOD. I've had this happen to me, and I must admit, the first thing that comes to mind is "hacker" but it usually ends up being nothing more than a mistake.

Please make sure a "hacker" is really a "hacker"

Hiram
Hiram1
Registered User
 
Posts: 17
Joined: Sun Mar 16, 2008 10:51 am

Re: phpbb 3 forum: EASY TO HACK

Postby karlsemple » Sun Apr 06, 2008 8:52 am

and with that closed..... The incident tracker is the place to submit incident reports, worth noting phpBB3 had a paid security audit and not security holes were found :) More likely something else on the server was hacked and they decided to use said vulnerability to destroy the board.
Image
User avatar
karlsemple
Former Team Member
 
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK


Return to 3.0.x Support Forum

Who is online

Users browsing this forum: Moviefrontier, Oyabun1, Pony99CA, stevemaury and 61 guests

cron