PHbb question (secruity)
Results 1 to 4 of 4

Thread: PHbb question (secruity)

  1. #1

    PHbb question (secruity)

    i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    phpBB and phpNuke are continuously patching vulnerabilities... you can always download the latest patches from the respected product... (www.phpbb.org)
    yeah, I\'m gonna need that by friday...

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Re: PHbb question (secruity)

    Originally posted here by id244161013111
    i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?
    There are two ways to do what you just mentioned, but not to worry, they are both rather difficult to do.
    First, if you wanted to change the domain, you would have to hi-jack the dns servers that are supporting the site. Most sites have at least a primary and a secondary dns server, some site's even have more. So, someone would basically have to take over your domain name servers in order to completely steal your traffic.

    Secondly, about being able to change the homepage, someone would need to be able to either access your database, which normally points to your domain or have access to your scripts on the server. In either case, if people are doing that, you've got bigger problems then someone stealing your traffic. But if you normally keep a secure server, you've got nothing to worry about from that particular threat.

    I don't want to give misleading info, there normally are security patches being issued for that software, but then again, there are several ways to secure php and the apache webserver. Make sure that existing file permissions are set in a paranoid method, never run your webserver as the root users. Look into creating a chroot jail for the services you offer. There's alot more you can do, but I won't get into that now, I'll wait for more people to contribute to this thread.

    Hope this info helps.


    --PuRe www.pureescape.net
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    As tampabay stated, php apps(and any other) have security issues emerging all the time as the technology evolves and becomes more widespread, naturally baddies will find exploits which could be used for web defacement among other things. Many of the exploits used on php based programs implement XSS(Cross site scripting) I suggest reading up on any app and its vulnerabilities before installing it. Heres some php/phbb links to get you started....

    http://www.securityfocus.com/infocus/1706
    http://httpd.apache.org/info/css-sec..._examples.html
    http://icat.nist.gov/icat.cfm?cvename=CAN-2002-0473

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •