PhPBB 3.24 BUG??

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
Post Reply
bubbathegimp
Registered User
Posts: 7
Joined: Tue Sep 25, 2018 8:02 pm

PhPBB 3.24 BUG??

Post by bubbathegimp » Sat Nov 17, 2018 1:41 am

First off, I am a complete NOOB, And I have only been up a couple months.
I have been working on tightening up security as I figure it out...
I have been using Zap along with Securi Site's online scanner to check my progress.

Just scanning my site (Excluding my PhPBB directory) I only had an alert about X-XSS protection not being enabled and showing Robots.txt, and Sitemap.xml.
Since upgrading earlier from 3.23 to PhPbb 3.24 earlier today I am now getting X-XSS not enabled alerts on 15 more files that are all related to PhPBB,
and are not even in my Public_Html folder even though Zap lists them as being so..
common.php
config.php
Posting.cp
memberlist.php...etc,etc,etc....
I don't quite understand what happened with the new security changes, BUT this seems like a step back

User avatar
Lumpy Burgertushie
Registered User
Posts: 65349
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: PhPBB 3.24 BUG??

Post by Lumpy Burgertushie » Sat Nov 17, 2018 2:30 am

no expert at all on security but phpbb has not had a successful hack since 2007 when phpbb3 came out.

more often than not, those so called security testing programs give out false positives due to their own inadequacies.


personally, I wouldn't worry about it.


robert

User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5346
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:

Re: PhPBB 3.24 BUG??

Post by Marc » Sat Nov 17, 2018 11:38 am

That sounds a lot like a false positive. I don't think we changed anything in all these files that could result in them suddenly showing this issue and that's obviously not even closely related to the security issue that was fixed in 3.2.4.

User avatar
AmigoJack
Registered User
Posts: 5392
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: PhPBB 3.24 BUG??

Post by AmigoJack » Mon Nov 19, 2018 8:41 am

Make sure the mentioned files are unmodified by comparing them against those of a fresh installation package. Also keep an eye to details: phpBB is written like that and the version is 3.2.4. If you don't understand reports then consider attaching screenshots to your posts if you're not fond using BBCodes for formattings.

Post Reply

Return to “General Discussion”

Who is online

Users browsing this forum: nou nou and 24 guests