[Mild Rant] phpBB hackers
Posted: Sat Aug 05, 2006 8:52 pm
by Nathaniel
A client's phpbb just got hacked because it was 2.0.20 instead of 2.0.21... replaced a dozen files' content with "by Thehacker". Grrr.
Us DevNetworkers need to make a TDD + OOP + Secure + Usable forum package someday.
Nathaniel, who does not really want to make time to upgrade phpbb whenever a hole is found
Posted: Sat Aug 05, 2006 8:54 pm
by feyd
Defacers are such a low breed of hacker.
Posted: Sat Aug 05, 2006 8:56 pm
by Nathaniel
Oh yeah, no one go on a big rant about how they're really crackers, please. I don't care if they're peanut butter and jelly sandwiches. They just suck.
Posted: Sat Aug 05, 2006 9:31 pm
by Ambush Commander
Oh dear... I'm still running 2.0.19
Posted: Sat Aug 05, 2006 10:00 pm
by AKA Panama Jack
You could always try the phpBB3 beta.

I installed it on two of my forums and it looks really nice and a lot more admin features. Don't know if it is any more secure or not.
Posted: Sat Aug 05, 2006 10:02 pm
by Ambush Commander
I doubt it. Plus, remember that they might not support an upgrade path to the real version.
Posted: Sun Aug 06, 2006 3:06 am
by daedalus__
I could go on a bit rant about how they are really crackers, but won't.
They just suck.
Sorry dood.
That guy is nub-core.
Posted: Sun Aug 06, 2006 4:36 am
by Benjamin
feyd wrote:Defacers are such a low breed of hacker.
Totally.
Posted: Sun Aug 06, 2006 7:03 am
by thiscatis
Invision Power Board is being hacked too a lot lately.
Posted: Sun Aug 06, 2006 8:43 am
by jayshields
AKA Panama Jack wrote:You could always try the phpBB3 beta. I installed it on two of my forums and it looks really nice and a lot more admin features. Don't know if it is any more secure or not.
Lol, I googled for some screenshots, found "Cow's Blog". He discusses the admin panel, and then links to a previous blog post with some weird CAPTCHAs, LOL, can't believe that...!
Posted: Sun Aug 06, 2006 9:33 am
by Benjamin
Those "weird captcha's" should be added to the "How to not get new members" list. OMG Those are interesting and um.. hard to read
Posted: Sun Aug 06, 2006 9:39 am
by Ambush Commander
The last three are bearable, at least for me. But the first one... OMGWTF?
thiscatis wrote:Invision Power Board is being hacked too a lot lately.
Because ever since IPB became non-free, people have been using the old, "free" versions, which are maintained and have many security problems (I actually used to use IPB, but then I discovered a hack that gave you instant admin access... and switched to phpBB)
daedalus__ wrote:I could go on a bit rant about how they are really crackers, but won't.
Well, they're probably just script-kiddies.
Posted: Sun Aug 06, 2006 9:53 am
by RobertGonzalez
The phpBB developers are constantly faced with two wildly different, but equally annoying, groups of people: Developers and Users. Developers want more Security and control features. Users want an easier to use experience. It seems every other version is a volley between the two. I'm not sure they will ever get this thing right. Of course, just about all boards are vulnerable to some form of misaligned hackdog, but it seems like phpBB is targeted. Not sure why, but I think it is.
Posted: Sun Aug 06, 2006 12:33 pm
by klarinetking
Everah is right, and in regards to the CAPTCHAs, I'd like to point out the following topic here. They've been asked for more secure CAPTCHAs, and there they are (although maybe too hard) and now other people are complaining. At least they're trying their best to satisfy everyone.
klarinetking
Posted: Sun Aug 06, 2006 2:00 pm
by Nathaniel
I just discovered that the problem was actually the "custom kernel NAC installed is vulnerable to a root exploit." We moved to a new server yesterday, so that's why the problem hadn't been found before. Anyway, they fixed the kernel, and maybe I can procrastinate upgrading to 2.0.21 for a while.
