Solved

MY PHP BB Forum is being hacked very frequently

Posted on 2006-10-23
9
539 Views
Last Modified: 2010-04-11
Im running a PHPBB Forum it is defaced frequently What sld i do  to stop these hackers ?? How are they able to hack ??
I want to know how we can stop that and How they are doing it ??
0
Comment
Question by:abhishek376
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 

Expert Comment

by:elusivetech
ID: 17793705
1. You need to upgrade to the latest version of PHPbb

2. You need to make sure your configuration files are protected properly and viewing access to sensitive files such as config.php is revoked to public.

3. You need to change your existing administration password as well as your MY SQL database password because at this point its probably compromised.

4. After you secure it, you will need to subscribe to phpbb mailing list and ensure you are notified of new releases of the message board.  When new release of the software is released make sure you test and upgrade to the latest version.

Since PHPBB is open source and widely used, hackers and script kiddies are constantly working towards in trying to find vulnerabilities to compromise it.

Follow these steps and you will be fine. If you need additional help, just let me know.

Thanks

- Martin
0
 

Author Comment

by:abhishek376
ID: 17793724
U asked me to secure everything , thats ok my question was that how to secure ?  My php BB forum is Latest 8.0 through i change my forum passwords regularly it is being defaced and abt sql i fing many logs of ips there and i suspect sql injection in to my site

How are they able to deface my site ??
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 64 total points
ID: 17793753
I'm no php expert but this seems to fit for you:

How to Prevent your phpBB Forum from Exploits
http://www.siteground.com/phpbb-security.htm

Tolomir
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Assisted Solution

by:elusivetech
elusivetech earned 62 total points
ID: 17793817
Yes . PHPbb was vulnerable for SQL injection attacks.

8.0? HMM

Latest version is 2.0.21 last I checked.

http://www.phpbb2.de/dload.php?action=category&cat_id=2

Here is the latest patch file.


http://www.phpbb2.de/dload.php?action=file&file_id=824

0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 62 total points
ID: 17795225
PHPbb has many flaws, you should reinstall the OS from scratch to ensure that there are no backdoors or trojans installed. Apply all the patches you can and read up in PHPbb security. There were 4 new ones last month alone:  http://www.frsirt.com/english/vendor/2713 http://secunia.com/search/?adv_search=1&s=1&search=phpbb&w=1&vuln_title=1&vuln_software_os=1&vuln_bodytext=1&vuln_cve=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0
There isn't a patch for all of these, note also that not all versions are vulnerable to all these advisories.
You might also look to see if your IIS is fully patched, IIS6 is M$'s best yet, but Apache is better still, and runs on M$ and other OS's
If running IIS5 or less, run the URLScan and IISlockdown http://www.microsoft.com/technet/security/tools/locktool.mspx
-rich
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 62 total points
ID: 17797558
> What sld i do  to stop these hackers ??
you cannot

> How are they able to hack ??
php and applications build with it are know to have countless vulnerabilities, unfortunatelly

> I want to know how we can stop ..
as said above; you cannot stop others

> .. that and How they are doing it ??
as it is a PHP-based web application, they are most likely using flaws there.
As said previously: reinstall your server from scratch, then replace your PHP application by something better.
It's very hard to configure a OS with a web server running PHP 'cause PHP applications have so much programming errors, you may have a look at: http://www.hardened-php.net/ but I guess that this is hard stuff for you to understand.
0

Featured Post

Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADFS trust for Skype 4 27
Port Scan attack in Symantec EndPoint Protection 4 47
ransomware backup 8 138
wannacrypt movement 9 76
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question