Dear friends,
My forum (3000 users, 400.000 posts) got hacked after I changed cookie name and path.
Someone became admin and gave admin rights to all users.
I had no idea of phpBB internals and did not know that I had to truncate (drop all records in) the session tables.
Could it become an automatic feature of phpBB?
When changing cookie name, all sessions should be reset.
Under PostgreSQL, you can use "truncate table_name" to clear all records in a table.
I am probably not the only one in this case.
I opened a bug, but people said it was a support issue.
False!! It is a clear bug.
Kind regards,
JM
Urgent : truncate sessions while changing cookies
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
- A_Jelly_Doughnut
- Registered User
- Posts: 1780
- Joined: Wed Jun 04, 2003 4:23 pm
Re: Urgent : truncate sessions while changing cookies
jmpoure wrote:
> Dear friends,
> My forum (3000 users, 400.000 posts) got hacked after I changed cookie name and path.
> Someone became admin and gave admin rights to all users.

Cookies simply don't work that way. I can't deny that it happened, but it was not through this avenue.
A_Jelly_Doughnut