http://secunia.com/advisories/13893/" target="_blank
It has nothing to do with phpBb
Who's With Me With Security Mods?
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Re: Who's With Me With Security Mods?
am i right to believe that the new phpbb will at least have the options that austin phpbb security mod has ?
if not i know that there are a few fans i have that will go after a site that i run... and ill run into all kinds of problems that i've had b4
http://phpbb-tweaks.com/downloads.php?mode=sub&cid=916" target="_blankphpBB Security
Short Description
This will add extreme added protection to your board. Will help prevent scripts from attacking & defacing your boards due to exploits in coding. Helps protect admin & moderator accounts.
if not i know that there are a few fans i have that will go after a site that i run... and ill run into all kinds of problems that i've had b4
Re: Who's With Me With Security Mods?
huh? The only way to be 100% certain you're board is safe (any board, not just phpBB ... the other major boards have just had a series of new releases due to security issues) is to not connect it to the internet. What you appear to be describing though are people spamming your board ... that's quite different to an inherit failure in the code leading to an exploit.
With 3.0 we've altered how we approach to a variety of issues which should lead to more secure code ... we aren't God's though, we're human and thus falible.
And to reiterate ... our best understanding right now is that this attack was not achieved through phpBB itself. Obviously we need to review all the information before commenting further.
With 3.0 we've altered how we approach to a variety of issues which should lead to more secure code ... we aren't God's though, we're human and thus falible.
And to reiterate ... our best understanding right now is that this attack was not achieved through phpBB itself. Obviously we need to review all the information before commenting further.
-
Amailer
- Registered User
- Posts: 16
- Joined: Sun Mar 28, 2004 5:52 am
- Location: www.AaronDM.com
- Contact:
Re: Who's With Me With Security Mods?
I have seen attacks like this on other sites also but those only replaced the index.* in the servers with a small php script that anyone can built... But it appares that somehow all the files from phpBB.com have been removed- I don't know if that was done by the admins or by the script but it seriously sucks... What reason is there to attack phpBB anyhow?
The only thing that confuses me is that... how on earth was the script run if it was the same type of script that replaces the index.* in all the hosted sites.
The only thing that confuses me is that... how on earth was the script run if it was the same type of script that replaces the index.* in all the hosted sites.
Re: Who's With Me With Security Mods?
AWSTATS a popular PERL based weblog analyzer on the most previous version when run on CGI mode based PHP (instead of Apache Module) had a bug which allowed someone to run arbitrary code as the webuser(nobody) which which is the account used by the webserver daemon.
William Jacoby - Community Team
Knowledge Base | phpBB Board Rules | Search Customisation Database
Please don't contact me via PM or email for phpBB support .
Knowledge Base | phpBB Board Rules | Search Customisation Database
Please don't contact me via PM or email for phpBB support .