is it just me or when phpBB.com comes back up, am I gonna be the only one installing every security mod known to man on there?
**Edit in
oh yea congrats to the phpBB 2.2 (now 3.0) team, it's good to know that we'll have a lot more secure phpBB board to rely on..no offense really..phpBB 2.0.x was an incredible forum..best out there still even with the updated vB and ipb..so...
Good *beep* that phpBB 3.0 will be beta released soon
Who's With Me With Security Mods?
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
-
- Registered User
- Posts: 687
- Joined: Sun May 11, 2003 11:17 am
Re: Who's With Me With Security Mods?
The evidence mentioned in other threads suggests that it was not a problem with phpBB, but with another application installed on the server. I've gone off and checked my own box, and have determined that I already patched this problem a week or so ago.
Be careful with installing a lot of security mods, because some of them are window dressing at best, and can open you up to other issues at worst.
You can never go home again... but I guess you can shop there.
Re: Who's With Me With Security Mods?
You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
-
- Extension Customisations
- Posts: 177
- Joined: Fri Jul 09, 2004 11:53 am
- Location: Australia
- Contact:
Re: Who's With Me With Security Mods?
night.exe wrote: You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.
Customisations Team
Re: Who's With Me With Security Mods?
battye wrote:
night.exe wrote: You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.
Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.
True, but that requires a PERL server, if you're hosted on a PHP+MySQL but no PERL server, you're fine. Another way to get around it was to make your $phpEx var ".php3". Although that extension is officially deprecated, it is still recognized by most PHP configurations.
That was a terror, it used phpBB to get the password and server name for your FTP and replaced all of the files with .htm, .php, .asp, .shtm, .jsp and .phtm to say "This site is defaced!!!"
Btw, non-PERL servers are hard to find with PHP.
Re: Who's With Me With Security Mods?
but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
and what night.exe said.
NO PM or IM support offered!!
thank you!
-
- Extension Customisations
- Posts: 177
- Joined: Fri Jul 09, 2004 11:53 am
- Location: Australia
- Contact:
Re: Who's With Me With Security Mods?
Good points, most people have upgraded, or at the very least added the code fix to viewtopic.php, so yes I agree, the Santy worm is a non-issue now.
Customisations Team
Re: Who's With Me With Security Mods?
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.
Then again, they're not done with it, they might still work or be just a short few var replacements away
-
- Extension Customisations
- Posts: 177
- Joined: Fri Jul 09, 2004 11:53 am
- Location: Australia
- Contact:
Re: Who's With Me With Security Mods?
night.exe wrote:
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.
Then again, they're not done with it, they might still work or be just a short few var replacements away
I'm confused, what does phpBB v1.x have to do with this topic?
Customisations Team
Re: Who's With Me With Security Mods?
battye wrote:
night.exe wrote:
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.
Then again, they're not done with it, they might still work or be just a short few var replacements away
I'm confused, what does phpBB v1.x have to do with this topic?
Ok, I was using the transition from v1.x to v2.x as an example. Some people haven't upgraded officially but changed all the internal code (me!) to pump it up and make it rock like 2.x because 3.x will be a serious overhaul of 2.x and will use totally different classes and vars.