Who's With Me With Security Mods?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Eternal2u
Registered User
Posts: 12
Joined: Tue Jun 01, 2004 9:53 pm

Who's With Me With Security Mods?

Post by Eternal2u »

Is it just me, or when phpBB.com comes back up, am I gonna be the only one installing every security mod known to man on there?

**Edit in

Oh yeah, congrats to the phpBB 2.2 (now 3.0) team, it's good to know that we'll have a lot more secure phpBB board to rely on..no offense really..phpBB 2.0.x was an incredible forum..best out there still even with the updated vB and ipb..so...

Good *beep* that phpBB 3.0 will be beta released soon

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: Who's With Me With Security Mods?

Post by Martin Blank »

The evidence mentioned in other threads suggests that it was not a problem with phpBB, but with another application installed on the server. I've gone off and checked my own box, and have determined that I already patched this problem a week or so ago.

Be careful with installing a lot of security mods, because some of them are window dressing at best, and can open you up to other issues at worst.
You can never go home again... but I guess you can shop there.

night.exe
Registered User
Posts: 17
Joined: Sat Jan 29, 2005 11:53 pm

Re: Who's With Me With Security Mods?

Post by night.exe »

You can't use phpBB software to change file content, that's server hackery. The only function PHP 3, 4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
I'm pro-PHP!

battye
Extension Customisations
Posts: 177
Joined: Fri Jul 09, 2004 11:53 am
Location: Australia

Re: Who's With Me With Security Mods?

Post by battye »

night.exe wrote: You can't use phpBB software to change file content, that's server hackery. The only function PHP 3, 4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.
Simulation Cricket Authority: http://www.simulationcricket.com

night.exe
Registered User
Posts: 17
Joined: Sat Jan 29, 2005 11:53 pm

Re: Who's With Me With Security Mods?

Post by night.exe »

battye wrote:
night.exe wrote: You can't use phpBB software to change file content, that's server hackery. The only function PHP 3, 4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.
True, but that requires a PERL server, if you're hosted on a PHP+MySQL but no PERL server, you're fine. Another way to get around it was to make your $phpEx var ".php3"; although that extension is officially deprecated, it is still recognized by most PHP configurations.

That was a terror, it used phpBB to get the password and server name for your FTP and replaced all of the files with .htm, .php, .asp, .shtm, .jsp and .phtm to say "This site is defaced!!!"

Btw, non-PERL servers are hard to find with PHP. :P
I'm pro-PHP!

ve4jhj
Registered User
Posts: 69
Joined: Tue Mar 16, 2004 4:07 am
Location: Mons Olympus

Re: Who's With Me With Security Mods?

Post by ve4jhj »

but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.

and what night.exe said.
NO PM or IM support offered!!
thank you!

battye
Extension Customisations
Posts: 177
Joined: Fri Jul 09, 2004 11:53 am
Location: Australia

Re: Who's With Me With Security Mods?

Post by battye »

Good points, most people have upgraded, or at the very least added the code fix to viewtopic.php, so yes I agree, the Santy worm is a non-issue now.
Simulation Cricket Authority: http://www.simulationcricket.com

night.exe
Registered User
Posts: 17
Joined: Sat Jan 29, 2005 11:53 pm

Re: Who's With Me With Security Mods?

Post by night.exe »

ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away
I'm pro-PHP!

battye
Extension Customisations
Posts: 177
Joined: Fri Jul 09, 2004 11:53 am
Location: Australia

Re: Who's With Me With Security Mods?

Post by battye »

night.exe wrote:
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away
I'm confused, what does phpBB v1.x have to do with this topic? :?
Simulation Cricket Authority: http://www.simulationcricket.com

night.exe
Registered User
Posts: 17
Joined: Sat Jan 29, 2005 11:53 pm

Re: Who's With Me With Security Mods?

Post by night.exe »

battye wrote:
night.exe wrote:
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away
I'm confused, what does phpBB v1.x have to do with this topic? :?
Ok, I was using the transition from v1.x to v2.x as an example. Some people haven't upgraded officially but changed all the internal code (me!) to pump it up and make it rock like 2.x because 3.x will be a serious overhaul of 2.x and will use totally different classes and vars.
I'm pro-PHP!
