PHP Exploit
It seems my phpBB forum was hacked earlier this evening. Some script kiddie changed the banner. I thought PowWeb updated their PHP installations to prevent against the exploit?
Do you have the latest phpBB version? PowWeb is not responsible for the versions of your software, so it is up to you to make sure that you have the latest version.
Check your version and download from here - http://www.phpbb.com/downloads.php
I'm a patch off. However, the exploit was not that of phpBB. It's the exploit for PHP that has been addressed in 4.3.10 and 5.0.3.
PowWeb has been running those PHP versions for a month. PowWeb does not update user software. The attack was most likely through a hole in phpBB.
hello,
(1) would advise you to at least place a .htaccess security at your admin folder, this will double the security to the controls of your board. Of course make that a different password, so you have the php security of the board software and the .htaccess to protect that board control. This is VERY IMPORTANT to maintain control of boards.
(2) get the latest board software and update it; it is version phpBB-2.0.11 today, and this is far more secure than prior versions.
(3) in your .htaccess block "deny all from .ru" since about 90% of the hacks, robots, and spammers attacking phpbb boards are from ".ru" domains these days, I don't even let them into my server at all.
Croc Hunter
1-9-05, 10:20 PM
Good advice there quark6
Also chmod all .php files to 600, except index.php; make it 644.
Always use alphanumeric user/pass words eg: china.5.white
If these hackers are so good why are they stupid enough to send you a referer code so you can block them at the domain name level? Hard to believe.
Hi B&T, Oh, not sure how good they are, they are fairly obvious about what they are doing, but I can easily see that they are either from or proxy from/through ".ru". They have spiders that will create bogus accounts with bogus email addresses just to create links to ".ru" domains. They will spider in ignoring the robots.txt files, fall into spider traps etc. My logs are full of this traffic every day till I just decided, why would I allow people from various ".ru" domains to do this. Between spider and bot traps, htaccess security of the admin folder, and keeping anybody from ".ru" off the site, it was a HUGE improvement.
Hi CrocHunter, have you tried this chmod on a phpbb board that you are recommending? I have never heard that advice. I'm not a newbie but am still learning every day, can you explain briefly what effect that has. And if you have done that on a phpbb board I'd like to know that specifically.
Croc Hunter
1-11-05, 02:02 AM
Yes you can do that to a phpBB forum. To any forum. I always do. All file.php 600 except index.php 644 and folders need to be 755 or 744 if you wish.
755 being drwxr-xr-x
644 being -rw-r--r--
600 being -rw-------
Chmod explained: Chmod gives or denies rights to view and use files. It is divided into three: Owner, Group, Other. You are the Owner. Group are people you share your server with. Other is the public - your visitors. The first set of letters tells what you, the owner of the file, have permission to do. An r means you are permitted to read the file - you can see it. A w means you may write the file - you can edit it. This includes the ability to delete a file. An x means you may execute the file - you can run things on it. A hyphen in any position means that you don't have that particular permission.
So see 644, the Owner (you) can read and write to the file. The Group (sharing your server) can read it, so can Others (your visitors). Still with me?.. Ok.. so now see 600, only you can read and write on the file. Group and Others can't. Don't worry, the file is still there and is usable by all, they just can't read (see) it directly. There are ways to get around this but if a novice hacker can't see it, he/she can't hack it.
Never Chmod anything to 777 or 666
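An added example, not code from any poster in this thread: a shell audit for the permission scheme described above (600 for .php files, 644 for index.php, nothing at 666 or 777). The function names and the sample tree are constructed, GNU `stat` is assumed, and mode 600 is assumed to be usable because PHP runs as the file's owner.

```shell
#!/bin/sh
# Added example. Assumes Linux with GNU coreutils `stat`; the sample tree is constructed.

# Files and directories that group or other can write: covers 666 and 777 as
# well as in-between modes such as 664 or 775. Symlinks are skipped because
# on Linux their own mode is always lrwxrwxrwx. Output: OCTAL SYMBOLIC PATH
find_writable() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec stat -c '%a %A %n' {} + | sort
}

# .php files whose mode differs from the scheme in the thread:
# 644 for index.php, 600 for every other .php file.
find_php_off_scheme() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")
        case "${f##*/}" in
            index.php) want=644 ;;
            *)         want=600 ;;
        esac
        [ "$mode" = "$want" ] || printf '%s %s (expected %s)\n' "$mode" "$f" "$want"
    done
}

# Constructed sample: a board-like tree with one 777 directory and one 666 file.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/admin" "$root/cache"
    : > "$root/index.php"; : > "$root/config.php"
    : > "$root/admin/index.php"; : > "$root/cache/data.php"
    chmod 755 "$root" "$root/admin"
    chmod 644 "$root/index.php" "$root/admin/index.php"
    chmod 600 "$root/config.php"
    chmod 777 "$root/cache"; chmod 666 "$root/cache/data.php"
    printf '%s\n' "$root"
}

# Audit the directory given as $1, or the constructed sample when none is given.
target=${1:-$(make_sample)}
echo "Writable by group or other:"; find_writable "$target"
echo "PHP files off the 600/644 scheme:"; find_php_off_scheme "$target"
[ "${1:-}" ] || rm -rf "$target"
```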
OK, I set all to 600 except the index pages to 644, folders to 755, tested it all and it looks/works good. Thanks for the tip and taking the time to explain that to me.