Originally posted here by id244161013111
i heard from my friends that there is a way to do something in a phbb forum as a user that will allow the user to change the homepage of the domain that the forum is located... is this true/possible?
There are two ways to do what you just mentioned, but not to worry, they are both rather difficult to do.
First, if you wanted to change the domain, you would have to hi-jack the dns servers that are supporting the site. Most sites have at least a primary and a secondary dns server, some site's even have more. So, someone would basically have to take over your domain name servers in order to completely steal your traffic.

Secondly, about being able to change the homepage, someone would need to be able to either access your database, which normally points to your domain or have access to your scripts on the server. In either case, if people are doing that, you've got bigger problems then someone stealing your traffic. But if you normally keep a secure server, you've got nothing to worry about from that particular threat.

I don't want to give misleading info, there normally are security patches being issued for that software, but then again, there are several ways to secure php and the apache webserver. Make sure that existing file permissions are set in a paranoid method, never run your webserver as the root users. Look into creating a chroot jail for the services you offer. There's alot more you can do, but I won't get into that now, I'll wait for more people to contribute to this thread.

Hope this info helps.


--PuRe www.pureescape.net