[Mild Rant] phpBB hackers

Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

A client's phpbb just got hacked because it was 2.0.20 instead of 2.0.21... replaced a dozen files' content with "by Thehacker". Grrr.

Us DevNetworkers need to make a TDD + OOP + Secure + Usable forum package someday.

Nathaniel, who does not really want to make time to upgrade phpbb whenever a hole is found
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Defacers are such a low breed of hacker.
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

Oh yeah, no one go on a big rant about how they're really crackers, please. I don't care if they're peanut butter and jelly sandwiches. They just suck.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Oh dear... I'm still running 2.0.19
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

You could always try the phpBB3 beta. :) I installed it on two of my forums and it looks really nice and a lot more admin features. Don't know if it is any more secure or not.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

I doubt it. Plus, remember that they might not support an upgrade path to the real version.
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Post by daedalus__ »

I could go on a big rant about how they are really crackers, but won't.

They just suck. :(

Sorry dood.

That guy is nub-core.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

feyd wrote: Defacers are such a low breed of hacker.
Totally.
thiscatis
Forum Contributor
Posts: 434
Joined: Thu Jul 20, 2006 11:00 am

Post by thiscatis »

Invision Power Board is being hacked too a lot lately.
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

Quote: You could always try the phpBB3 beta. :) I installed it on two of my forums and it looks really nice and a lot more admin features. Don't know if it is any more secure or not.
Lol, I googled for some screenshots, found "Cow's Blog". He discusses the admin panel, and then links to a previous blog post with some weird CAPTCHAs, LOL, can't believe that...!
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Those "weird CAPTCHAs" should be added to the "How to not get new members" list. OMG, those are interesting and um... hard to read.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

The last three are bearable, at least for me. But the first one... OMGWTF?
Quote: Invision Power Board is being hacked too a lot lately.
Because ever since IPB became non-free, people have been using the old, "free" versions, which are maintained and have many security problems (I actually used to use IPB, but then I discovered a hack that gave you instant admin access... and switched to phpBB).
Quote: I could go on a big rant about how they are really crackers, but won't.
Well, they're probably just script-kiddies.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

The phpBB developers are constantly faced with two wildly different, but equally annoying, groups of people: Developers and Users. Developers want more Security and control features. Users want an easier to use experience. It seems every other version is a volley between the two. I'm not sure they will ever get this thing right. Of course, just about all boards are vulnerable to some form of misaligned hackdog, but it seems like phpBB is targeted. Not sure why, but I think it is.
klarinetking
Forum Commoner
Posts: 59
Joined: Mon Jul 24, 2006 9:43 am

Post by klarinetking »

Everah is right, and in regards to the CAPTCHAs, I'd like to point out the following topic here. They've been asked for more secure CAPTCHAs, and there they are (although maybe too hard) and now other people are complaining. At least they're trying their best to satisfy everyone ;)

klarinetking
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

I just discovered that the problem was actually the "custom kernel NAC installed is vulnerable to a root exploit." We moved to a new server yesterday, so that's why the problem hadn't been found before. Anyway, they fixed the kernel, and maybe I can procrastinate upgrading to 2.0.21 for a while. :)