
Thread: phpBB

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    4

    phpBB

    I am currently putting up a small forum for me and my friends to mess around on. I am using phpBB till I buy vBulletin. The other day I got flooded with members from a proxy, I guess. So I put up an anti-robotic register mod. And then the next day I got hacked. Is there any way to make phpBB more secure? I have the newest version out. Or should I just wait and buy vBulletin?
    When all else fails, blame Canada.

  2. #2
    Get a strong password, make sure your ftp and ssh servers are up to date on your host, as well as the web server itself. Once that is taken care of, if you own your server and have root, run some AV and Spyware and just rule out any lingering malware.

    Make sure you are getting phpbb from the source, phpbb.com. Latest version is 2.0.10 I believe.

    What was the "hack"? Was it a defacement or a screw around with phpbb itself?

  3. #3
    albn
    Guest
    Wow, how many enemies did you make my friend?

    Traditionally, phpBB has a history of security problems, but mostly because of end user installation and modification mistakes. For instance, some leave the config files at 777, have .htaccess files writable, and even have no password to the database. Lastly, weak passwords can do really bad things to you too.

    Another thing to consider is to see how you got hacked in the first place. Check logs, who defaced it, and most will tell you how they defaced it. Some other places to check are the phpBB forums and Google to see if there are any known exploits for it.

    If you do not have or want to spend the money, check other bb's out there.

    http://opensourcecms.com and "try before you install" it's a very nice resource.
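
The installation mistakes listed in the post above (config files left at 777, writable .htaccess files, no database password) can be checked mechanically. The shell function below is an added example, not part of the original thread; it assumes a phpBB 2 style `config.php` that sets `$dbpasswd`, and the forum directory is passed in by the caller.

```shell
#!/bin/sh
# Added example: audit a forum directory for the installation mistakes
# named in the thread. Assumption (not from the thread): the database
# password lives in config.php on a line of the form  $dbpasswd = '...';

audit_forum() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    status=0

    # 1. Anything world-writable (777, 666, ...). Symlinks are skipped
    #    because their own mode bits are not meaningful.
    ww=$(find "$root" ! -type l -perm -0002 -print)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE: /'
        status=1
    fi

    # 2. config.php and .htaccess should be writable by the owner only,
    #    so group write access is reported as well.
    gw=$(find "$root" -type f \( -name config.php -o -name .htaccess \) \
              -perm -0020 -print)
    if [ -n "$gw" ]; then
        printf '%s\n' "$gw" | sed 's/^/GROUP-WRITABLE: /'
        status=1
    fi

    # 3. Empty database password: $dbpasswd = ''; or $dbpasswd = "";
    pat="^[[:space:]]*\\\$dbpasswd[[:space:]]*=[[:space:]]*(''|\"\")[[:space:]]*;"
    ep=$(find "$root" -type f -name config.php -exec grep -El "$pat" {} +)
    if [ -n "$ep" ]; then
        printf '%s\n' "$ep" | sed 's/^/EMPTY-DB-PASSWORD: /'
        status=1
    fi

    return "$status"   # 0 = clean, 1 = findings, 2 = bad argument
}

# Stand-alone use: sh audit.sh /path/to/forum
if [ "$#" -gt 0 ]; then
    audit_forum "$1"
fi
```
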

  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    L0w M3m0ry -

    You are alone in this. I have had my database compromised before using phpBB, so I moved to vBulletin and haven't had an issue since. My entire phpBB database was deleted and the logs didn't show a thing. So I took it as a lesson learned, reinstated my backup and started to change my password regularly. After a bit I ended up moving to vBulletin and I have never looked back.

    The only downside of Vbulletin is having to pay the certain fee.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    phpBB isn't famous as "best secure bb".

    You can get other CMSes for free, such as www.phpnuke.org, or

    take a look at this ($):

    http://www.invisionboard.com/
    It isn't bad either.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    Originally posted here by cacosapo
    phpBB isn't famous as "best secure bb".

    you can get other CMS for free as www.phpnuke.org
    Hah, if phpBB isn't famous for its security then PHP-Nuke sure as hell isn't. It's one of the buggiest PHP scripts I've ever had the misfortune to come into contact with.

    WRT to phpBB forums getting cracked, there are some automated bots that go round searching for forums powered by phpBB so that people can then try and break into them/make spam submissions.
    Paul Waring - Web site design and development.

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    It's one of the buggiest PHP scripts I've ever had the misfortune to come into contact with.

    Free software, Free bugs...
    Here: http://www.karakas-online.de/EN-Book/ you can find some "countermeasures" for PHP-Nuke bugs. They don't solve all of them (there are a lot of "injections").

    BTW, new version (7.4) needs $$$. Crap. d/l previous one.

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I forgot that: you have access to it, block spiders from indexing your CMS site (unless you want that). At least your bugs won't appear on Google.

  9. #9
    Junior Member
    Join Date
    May 2004
    Posts
    4

    hrm

    I pay for my server, I don't have my own. I do change my passwords weekly. I know who is doing it (username anyway) and I have his IP; what's the next step? My server comes with Invision, should I use that instead? When I say "hacked": someone somehow deleted all of the board's posts and topics, deleted my username, and inverted all of my board's colors.
    When all else fails, blame Canada.

  10. #10
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I have some friends that use Invision on a clan site. I can't say that it is more or less secure than others. You may need to dig up that information. Apparently, they like Invision and it has a great visual.

    I like PHP-Nuke. But as pwaring noticed, it isn't better (or maybe is worse) than phpBB.

    If you want some support about weaknesses, I would advise buying software that includes support. Or use the ISP one, if support is included.

    A very good Brazilian security site runs vBulletin now. I will ask the owner what his impressions of it are.

    There are a lot of "holes" in those CMSes nowadays.
