PHPBB and some angry turkish hackers...

Posted: Tue Mar 07, 2006 7:57 am
by Skittlewidth
One of the sites that the company I work for built way way back before I came on to the scene has had its PHPBB forum hacked by Turkish hackers. The fact that the forum was vulnerable didn't surprise me since it was running 2.0.11, so I've upgraded it to 2.0.19 (changed files only) but the problem still remains.

Only the root index.php file has been affected, although unlike a previous attack we suffered last month on a site's actual homepage the file hasn't simply been replaced by a new one. I've checked through the database (thankfully it is a little used forum) and I can't find anything untoward in there, but I can't say for sure I've looked in the right places. Replacing the index.php file hasn't helped.

I am waiting for the go ahead to restore the database from last week's backup. Can't see an .htaccess file so far, but will continue to look.

So, how have they done it? Is there a vulnerability in the index.php page?!

Posted: Tue Mar 07, 2006 8:29 am
by Skittlewidth
Sort of figured it out.

They had created a new forum on the index page and injected an HTML document into the forum description, which was displaying over the regular page. Deleting this entry restored the forum to normality.

Still not entirely sure how they managed to get the permissions to do this (we've deleted the last registered user just in case, especially since they hadn't made any posts, and it was a couple of days before we noticed the site went down).
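
The defacement described above lived in a stored forum description rather than in any file on disk, which is why replacing index.php did nothing. The following is an added example (not code from this thread or from phpBB) of a check an admin could run over rows pulled from the forums table to spot descriptions carrying injected markup, plus the output escaping that stops such a description from rendering as HTML; the column names and the sample rows are constructed assumptions.

```python
"""Scan stored forum descriptions for injected markup (added example).

Assumes rows shaped like phpBB's forums table: (forum_id, forum_name, forum_desc).
The SAMPLE_ROWS below are constructed, not real data.
"""
import html
import re

# Tags that have no business in a forum description (constructed list).
DANGEROUS_TAG = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed|style|form|div|html|body|meta|link)\b",
    re.IGNORECASE,
)
EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)   # onload=, onmouseover=, ...
ANY_TAG = re.compile(r"<[a-zA-Z/!][^>]*>")


def classify_description(desc):
    """Return the reasons a description looks tampered with (empty list = clean)."""
    reasons = []
    if DANGEROUS_TAG.search(desc):
        reasons.append("dangerous-tag")
    if EVENT_HANDLER.search(desc):
        reasons.append("event-handler")
    if "javascript:" in desc.lower():
        reasons.append("javascript-uri")
    if len(desc) > 500 and ANY_TAG.search(desc):
        reasons.append("oversized-markup")      # a whole page stuffed into a one-line field
    return reasons


def find_suspicious_forums(rows):
    """rows: iterable of (forum_id, forum_name, forum_desc); returns flagged rows."""
    hits = []
    for forum_id, name, desc in rows:
        reasons = classify_description(desc or "")
        if reasons:
            hits.append((forum_id, name, reasons))
    return hits


def render_description(desc):
    """Escape a description before echoing it into a page so markup shows as text."""
    return html.escape(desc, quote=True)


SAMPLE_ROWS = [  # constructed sample data
    (1, "General", "Talk about anything here."),
    (2, "Support", "Questions &amp; answers about our products."),
    (3, "x", '<html><body style="position:absolute;top:0;left:0">Defacement text</body></html>'),
    (4, "News", 'Latest <b>news</b> <a href="#" onmouseover="x()">here</a>'),
]

if __name__ == "__main__":
    for forum_id, name, reasons in find_suspicious_forums(SAMPLE_ROWS):
        print(f"forum {forum_id} ({name!r}): {', '.join(reasons)}")
```

Rows 3 and 4 are flagged; a clean description yields no reasons and can be stored, while render_description ensures that whatever is stored is displayed as text rather than interpreted by the browser.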

Posted: Thu Mar 09, 2006 6:14 am
by Maugrim_The_Reaper
It happens all the time. phpBB doesn't really have a full-blown input filtering/data escaping layer distinct from its other code. As a result the coverage is spotty and new vulnerabilities are inevitable. The best protection for phpBB is to keep to the most recent version at all times - your admin panel probably lets you know if your current version is out of date.