Pete! Upgrade PHPBB!!!

Discuss whatever you want here--both QB and non-QB related. Anything from the DEF INT command to the meaning of life!

Moderators: Pete, Mods

Post Reply
XMark
Newbie
Posts: 7
Joined: Sat Sep 04, 2004 2:59 pm
Location: Vancouver
Contact:

Pete! Upgrade PHPBB!!!

Post by XMark »

Yo, pete, I just noticed you're running phpbb 2.0.6 on this site. I know from personal experience that this version has a major security exploit that can give hackers access to all your website's data. I know because it happened to me (twice actually). The first time my homepage got defaced and the second time they installed some kind exploit on my system that did bad stuff that I don't really understand, but my web host suspended my account because of it.

So yeah, you gotta upgrade to 2.0.11 as soon as possible. Just a friendly warning :)
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

I doubt there are any security holes in 2.0.6
I have left this dump.
MystikShadows
Veteran
Posts: 703
Joined: Sun Nov 14, 2004 7:36 am
Contact:

Post by MystikShadows »

That's what I was saying when I had a phpNuke website...the version I used was "known to be secure" and after 2 months...some brazilian hacking crew made sure I'd never use it again.....soooooooooo....I don't go by what I read anymore, I go by what I know and an find out..... :-)
When God created light, so too was born, the first Shadow!

MystikShadows

Need hosting? http://www.jc-hosting.net

Interested in Text & ASCII development? Look no further!
http://www.ascii-world.com
XMark
Newbie
Posts: 7
Joined: Sat Sep 04, 2004 2:59 pm
Location: Vancouver
Contact:

Post by XMark »

Z!re wrote:I doubt there are any security holes in 2.0.6
Tell that to the hackers that screwed up my site through PHPBB 2.0.6 twice.
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

Like I said, i doubt it was because of phpbb 2.0.6

More likely because you installed some crappy program which had a trojan or backdoor... or you were ust silly enough to use "god" or other stupid password.


Passwords are MD5 hashed in phpbb, so you can't get to them, all youca get is the info already available in each users profile.
I have left this dump.
XMark
Newbie
Posts: 7
Joined: Sat Sep 04, 2004 2:59 pm
Location: Vancouver
Contact:

Post by XMark »

Nope, I can't exactly install programs on my webspace considering that the server is over at Lunarpages. And my password is strong (long, alphanumeric, makes no logical sense whatsoever)

Here's the word from the developers themselves:
http://www.phpbb.com/phpBB/viewtopic.php?t=244451
marinedalek
Coder
Posts: 12
Joined: Sun Oct 10, 2004 4:46 am
Contact:

Post by marinedalek »

I also would strongly recommend upgrading to 2.0.11 - 2.0.6 is very dated and should have been upgraded ages ago to 2.0.7,8,9 and 10 before 11 even came out.
Post Reply