PHPBB and some angry turkish hackers...
Posted: Tue Mar 07, 2006 7:57 am
One of the sites that the company I work for built way way back before I came on to the scene has had its PHPBB forum hacked by Turkish hackers. The fact that the forum was vulnerable didn't surprise me since it was running 2.0.11, so I've upgraded it to 2.0.19 (changed files only) but the problem still remains.
Only the root index.php file has been affected, although unlike a previous attack we suffered last month on a site's actual homepage the file hasn't simply been replaced by a new one. I've checked through the database (thankfully it is a little used forum) and I can't find anything untoward in there, but I can't say for sure I've looked in the right places. Replacing the index.php file hasn't helped.
I am waiting for the go ahead to restore the database from last weeks back up. Can't see an .htaccess file so far, but will continue to look.
So, how have they done it? Is there a vulnerablity in the index.php page?!
Only the root index.php file has been affected, although unlike a previous attack we suffered last month on a site's actual homepage the file hasn't simply been replaced by a new one. I've checked through the database (thankfully it is a little used forum) and I can't find anything untoward in there, but I can't say for sure I've looked in the right places. Replacing the index.php file hasn't helped.
I am waiting for the go ahead to restore the database from last weeks back up. Can't see an .htaccess file so far, but will continue to look.
So, how have they done it? Is there a vulnerablity in the index.php page?!