i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?
Printable View
i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?
phpBB and phpNuke are continuously patching vulnerabilities... you can always download the latest patches from the respected product... (www.phpbb.org)
There are two ways to do what you just mentioned, but not to worry, they are both rather difficult to do.Quote:
Originally posted here by id244161013111
i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?
First, if you wanted to change the domain, you would have to hi-jack the dns servers that are supporting the site. Most sites have at least a primary and a secondary dns server, some site's even have more. So, someone would basically have to take over your domain name servers in order to completely steal your traffic.
Secondly, about being able to change the homepage, someone would need to be able to either access your database, which normally points to your domain or have access to your scripts on the server. In either case, if people are doing that, you've got bigger problems then someone stealing your traffic. But if you normally keep a secure server, you've got nothing to worry about from that particular threat.
I don't want to give misleading info, there normally are security patches being issued for that software, but then again, there are several ways to secure php and the apache webserver. Make sure that existing file permissions are set in a paranoid method, never run your webserver as the root users. Look into creating a chroot jail for the services you offer. There's alot more you can do, but I won't get into that now, I'll wait for more people to contribute to this thread.
Hope this info helps.
--PuRe www.pureescape.net
As tampabay stated, php apps(and any other) have security issues emerging all the time as the technology evolves and becomes more widespread, naturally baddies will find exploits which could be used for web defacement among other things. Many of the exploits used on php based programs implement XSS(Cross site scripting) I suggest reading up on any app and its vulnerabilities before installing it. Heres some php/phbb links to get you started.... :)
http://www.securityfocus.com/infocus/1706
http://httpd.apache.org/info/css-sec..._examples.html
http://icat.nist.gov/icat.cfm?cvename=CAN-2002-0473
-Maestr0