Web Hosting Forums


This is a discussion on phpBB user hacking/exploits? in the Hosting Talk & Chit-chat forum

  1. #1
    Loyal Client
    Join Date
    Jul 2004
    Location
    Tampa, FL
    Posts
    20

    phpBB user hacking/exploits?

    Not sure if this is the right place to post or not, but if it's not I'm sure Galen will flame me...

    I'm running phpBB and have recently seen a lot of signups on the board (a closed board) and they seem to be following a similar pattern... Is signing up for a bulletin board account a way for hackers/spammers to get whatever it is they're looking for? The user names generally start with "A" or "-" and most of them appear to originate from overseas ([email protected] being the most recent.) I'm mostly just curious about this, as I generally just go in and delete the offending user.

  2. #2
    Yeah, I know a LOT! Vin DSL
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    What version are you running?

    I had 'problems' like this a year or so ago. LoL! Some hacker actually set himself up as a moderator.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL 2010

  3. #3
    Loyal Client
    Join Date
    Jul 2004
    Location
    Tampa, FL
    Posts
    20
    I'm running 2.0.5. I think my question is largely academic, since new users must be verified by me after signing up. I just delete the user and I suppose there's no harm done.

  4. #4
    Yeah, I know a LOT! Vin DSL
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    Oops! I guess I misread your post. I thought you were saying your board was closed and you were still getting signups.

  5. #5
    Loyal Client
    Join Date
    Jul 2004
    Location
    Tampa, FL
    Posts
    20
    Nah, I'm sure I explained it wrong... I just tried to find where I set all the perms, but can't seem to stumble across the right place while watching Monday Night Football, wiping salsa off my coffee table, and trying not to spill any inordinate amounts of beer. ;-)

    Like I said, this was more of a curiosity than anything else. I think the forum itself is open, but the user signup is set to "Dictatorship" (or whatever the phpBB term for admin authorization is.)

  6. #6
    Yeah, I know a LOT! Vin DSL
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    LoL! Have fun!

    Anyway, in order to satisfy your curiosity, I really don't think hackers can cause any more trouble being members than being visitors. At least I've never heard of such a thing.

    A good hacker can set himself up as the admin and kick you off the board without ever registering as a member, thanks to MySQL 4.x UNION attacks and such.

    If I was you, I'd upgrade to 2.0.10, just to play it safe...

  7. #7
    Loyal Client
    Join Date
    Jul 2004
    Location
    Tampa, FL
    Posts
    20
    Will do. My Fantasy Football site isn't a matter of national security, so I may wait until the Bucs win a game.

    Wait... By that time it MIGHT be a matter of national security, so I might as well go ahead and do it sometime in the next week or so.

    Thanks for the comments, Vin!
