Who's With Me With Security Mods?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
William R
Registered User
Posts: 43
Joined: Mon Mar 03, 2003 11:28 am

Re: Who's With Me With Security Mods?

Post by William R »

http://secunia.com/advisories/13893/" target="_blank

It has nothing to do with phpBb

</end>
Registered User
Posts: 4
Joined: Mon Jan 24, 2005 2:25 am

Re: Who's With Me With Security Mods?

Post by </end> »

am i right to believe that the new phpbb will at least have the options that austin phpbb security mod has ?
phpBB Security
Short Description

This will add extreme added protection to your board. Will help prevent scripts from attacking & defacing your boards due to exploits in coding. Helps protect admin & moderator accounts.
http://phpbb-tweaks.com/downloads.php?mode=sub&cid=916" target="_blank

if not i know that there are a few fans i have that will go after a site that i run... and ill run into all kinds of problems that i've had b4 :|

User avatar
psoTFX
Registered User
Posts: 1984
Joined: Tue Jul 03, 2001 8:50 pm
Contact:

Re: Who's With Me With Security Mods?

Post by psoTFX »

huh? The only way to be 100% certain you're board is safe (any board, not just phpBB ... the other major boards have just had a series of new releases due to security issues) is to not connect it to the internet. What you appear to be describing though are people spamming your board ... that's quite different to an inherit failure in the code leading to an exploit.

With 3.0 we've altered how we approach to a variety of issues which should lead to more secure code ... we aren't God's though, we're human and thus falible.

And to reiterate ... our best understanding right now is that this attack was not achieved through phpBB itself. Obviously we need to review all the information before commenting further.

Amailer
Registered User
Posts: 16
Joined: Sun Mar 28, 2004 5:52 am
Location: www.AaronDM.com
Contact:

Re: Who's With Me With Security Mods?

Post by Amailer »

I have seen attacks like this on other sites also but those only replaced the index.* in the servers with a small php script that anyone can built... But it appares that somehow all the files from phpBB.com have been removed- I don't know if that was done by the admins or by the script but it seriously sucks... What reason is there to attack phpBB anyhow?
The only thing that confuses me is that... how on earth was the script run if it was the same type of script that replaces the index.* in all the hosted sites.

User avatar
bonelifer
Community Team
Community Team
Posts: 112
Joined: Mon Jan 31, 2005 10:41 am

Re: Who's With Me With Security Mods?

Post by bonelifer »

AWSTATS a popular PERL based weblog analyzer on the most previous version when run on CGI mode based PHP (instead of Apache Module) had a bug which allowed someone to run arbitrary code as the webuser(nobody) which which is the account used by the webserver daemon.

Post Reply