December 14th, 2001, 08:24 AM
Please help with my phpBB!
I was wondering if my phpBB v1.4.0 is as safe as I think...
In which way could it be hacked/cracked?
I'd like to test the method on my own PHP, so I can fill the leaks manually.
Anyways, thanks a great, great lot,
December 14th, 2001, 09:30 AM
Hmm, well, it didn't take me long to look for an exploit for phpBB...
Well, look at it this way... everything is hackable, whether it's a PHP or a firewall. To be honest, I can find an exploit for almost EVERYTHING, and even if there is no exploit written and available right now, there will be soon, in good time...
Just like WinNT: back when it was just released, damn, all net admins were heralding it as the best OS for networking, and very secure. Now? Damn, I can find tons of exploits written for NT.
So always keep this in mind: everything is hackable, it's just a matter of preventing it...
December 14th, 2001, 09:44 AM
Yeah sonic, I guess you ARE right.
Anyways, what kinda exploits are available at this time for v1.4.0?
Hmm, I could look, if I'm exploitable?!
You are right, everything is hackable, but the one thing is, you must have a great sense of logic to act with the information you carry around in your head (or laptop).
Would you be so kind and post some scripts that you have found? (Or URLs?)
Hehe, I'm very grateful, and I hope you'll reply :P
December 15th, 2001, 01:06 PM
Go to http://www.nessus.org and get nessus and all of the exploit simulations. Read the docs, instructions, etc.
Run nessus against your box(es).
It will tell you *exactly* where your holes are, how to fix them and the level of risk that they pose.
Unix/Linux users should not ever wonder if their system is vulnerable with all of the system/network security inspection tools that we have available.
Running the latest and greatest software in any OS is not always the smart thing. We have seen over and over again in the Unix world that the *newest* version of software X has a nasty security leak. Take the time to research potential security issues with the software you want to install before you do it.
Three great examples of this were:
BIND = 9.x is a security nightmare; 8.x was pretty secure
9.x buffer overflow exploits gave attacker root
SendMail = 1 version ago was insecure as hell
simple buffer overflow gave attacker root
BSD Telnet = 1 version ago
"ditto" gave attacker root from a simple buffer overflow.
Moral of the story, " * Newer Is Not Better * " until it has been tested and retested and tested again.
Hope you get it locked down tight. Do yourself a favor and become familiar with the Unix security inspection tools, they will help you sleep better at night.
Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.
Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.