Yo, pete, I just noticed you're running phpbb 2.0.6 on this site. I know from personal experience that this version has a major security exploit that can give hackers access to all your website's data. I know because it happened to me (twice actually). The first time my homepage got defaced and the second time they installed some kind exploit on my system that did bad stuff that I don't really understand, but my web host suspended my account because of it.
So yeah, you gotta upgrade to 2.0.11 as soon as possible. Just a friendly warning
Pete! Upgrade PHPBB!!!
Pete! Upgrade PHPBB!!!
Mark Hall
Abstract Productions
Abstract Productions
-
- Veteran
- Posts: 703
- Joined: Sun Nov 14, 2004 7:36 am
- Contact:
That's what I was saying when I had a phpNuke website...the version I used was "known to be secure" and after 2 months...some brazilian hacking crew made sure I'd never use it again.....soooooooooo....I don't go by what I read anymore, I go by what I know and an find out.....
When God created light, so too was born, the first Shadow!
MystikShadows
Need hosting? http://www.jc-hosting.net
Interested in Text & ASCII development? Look no further!
http://www.ascii-world.com
MystikShadows
Need hosting? http://www.jc-hosting.net
Interested in Text & ASCII development? Look no further!
http://www.ascii-world.com
Tell that to the hackers that screwed up my site through PHPBB 2.0.6 twice.Z!re wrote:I doubt there are any security holes in 2.0.6
Mark Hall
Abstract Productions
Abstract Productions
Like I said, i doubt it was because of phpbb 2.0.6
More likely because you installed some crappy program which had a trojan or backdoor... or you were ust silly enough to use "god" or other stupid password.
Passwords are MD5 hashed in phpbb, so you can't get to them, all youca get is the info already available in each users profile.
More likely because you installed some crappy program which had a trojan or backdoor... or you were ust silly enough to use "god" or other stupid password.
Passwords are MD5 hashed in phpbb, so you can't get to them, all youca get is the info already available in each users profile.
I have left this dump.
Nope, I can't exactly install programs on my webspace considering that the server is over at Lunarpages. And my password is strong (long, alphanumeric, makes no logical sense whatsoever)
Here's the word from the developers themselves:
http://www.phpbb.com/phpBB/viewtopic.php?t=244451
Here's the word from the developers themselves:
http://www.phpbb.com/phpBB/viewtopic.php?t=244451
Mark Hall
Abstract Productions
Abstract Productions
-
- Coder
- Posts: 12
- Joined: Sun Oct 10, 2004 4:46 am
- Contact: