Who's With Me With Security Mods?

Eternal2u · Post by **Eternal2u** » Sun Feb 06, 2005 1:50 am

is it just me or when phpBB.com comes back up, am i gona be the only one installing every security mod known to man on there?

**Edit in

oh yea congrats to the phpBB 2.2 (now 3.0) team, it's good to kno that we'll have alot more secure phpBB board to rely on..no offense really..phpBB 2.0.x was a incredible forum..best out there still even with the updated vB and ipb..so...

Good *beep* that phpBB 3.0 will be beta released soon

Martin Blank · Post by **Martin Blank** » Sun Feb 06, 2005 4:37 am

The evidence mentioned in other threads suggests that it was not a problem with phpBB, but with another application installed on the server. I've gone off and checked my own box, and have determined that I already patched this problem a week or so ago.

Be careful with installing a lot of security mods, because some of them are window dressing at best, and can open you up to other issues at worst.

night.exe · Post by **night.exe** » Sun Feb 06, 2005 4:41 am

You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.

Post by **battye** » Sun Feb 06, 2005 4:58 am

night.exe wrote: You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.

Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.

night.exe · Post by **night.exe** » Sun Feb 06, 2005 5:09 am

battye wrote: night.exe wrote:You can't use phpBB software to change file content, that's server hackery. The only function php 3,4 and 5 have to change files is fopen() and that's not used anywhere in phpBB code.

Well not in 2.0.11, in the previous versions you could be defaced with the Santy worm.

True, but that requires a PERL server, if you're hosted on a PHP+MySQL but no PERL server, you're fine. Another way to get around it was to make your $phpEx var ".php3" although that extension is officially depreceated, it is still recognized by most PHP configurations.

That was a terror, it used PhpBB to get the password and server name for your FTP and replaced all of the files with .htm", .php, .asp, .shtm, .jsp and .phtm to say "This site is defaced!!!"

Btw, non-PERL servers are hard to find with PHP.

ve4jhj · Post by **ve4jhj** » Sun Feb 06, 2005 5:11 am

but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.

and what night.exe said.

Post by **battye** » Sun Feb 06, 2005 5:16 am

Good points, most people have upgraded, or at the very least added the code fix to viewtopic.php, so yes I agree, the Santy worm is a non-issue now.

night.exe · Post by **night.exe** » Sun Feb 06, 2005 5:19 am

ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.

Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away

Post by **battye** » Sun Feb 06, 2005 5:35 am

night.exe wrote:
ve4jhj wrote: but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.
Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away

I'm confused, what does phpBB v1.x have to do with this topic?

night.exe · Post by **night.exe** » Sun Feb 06, 2005 5:46 am

battye wrote: night.exe wrote:ve4jhj wrote:but anyone with any sense will have installed v. 2.0.11, so they don't have to worry about that. those that didn't, hopefully did once they were hit. so prior versions are mostly a non-issue.

Actually, some people might not have upgraded from 1.x. Most 1.x MODs aren't compatible with 2.x. When they change the first ver number they've completely overhauled the system, so I doubt a lot of MODs that rely on built in vars and system classes like $db and $template will still work.

Then again, they're not done with it, they might still work or be just a short few var replacements away

I'm confused, what does phpBB v1.x have to do with this topic? Confused

Ok, I was using the transition from v1.x to v2.x as an example. Some people haven't upgraded officially but changed all the internal code(me!) to pump it up and make it rock like 2.x because 3.x will be a serious overhaul of 2.x and will use totally different classes and vars.

Development Discussion Board

Who's With Me With Security Mods?

Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?

Re: Who's With Me With Security Mods?