Welcome to all phpBB2 Refugees! This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.
Posted: Thu Jul 16, 2009 1:47 am Post subject: Hi Community
Hi phpBB2 Refugees,
Nice to find a forum to discuss the good old phpBB2.
My forum was hacked some days ago, but luckily the guy was friendly enough to tell me about my security issue. I didn't have an htaccess file to protect my config.php.
So, since I have fixed that issue, I was wondering if there may be some other security issues I might not know about.
Basically I have a phpBB 2.0.23 forum with the following mods: ez_portal ; EasyMOD 0.3.0 ; UploadPic 1.3.7 ; Calenderfunction v.x? ; Birthday 1.6.1
Can any of you guys give me a direction on whether there are known security issues with the forum and/or one of those mods?
Are there any further basic directives on how to make my forum more secure? My htaccess now locks config.php and common.php, as well as the folders db, includes, languages. I didn't lock the admin folder, since I cannot open the ACP then. Should I still lock it?
thanks for all your advice ...
morph
//Edit: I have read about the session hijacking problem. But since guests can't post pictures in my forum, that shouldn't be a problem for me then?
Posted: Fri Jul 17, 2009 10:35 am Post subject: Re: Hi Community
transm wrote:
How does anyone read config.php? Does it need to be protected?
He/she has to be on your server. In the olden days of shared hosting, all the sites would use the same Apache user, so someone could just cd into your directory and read the file. Nowadays (such as on my host), each customer gets his own Apache user, so the ownership rules apply: you can only read your own files!
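An added example (not from the thread) of the local-read case described in the reply above: htaccess rules only govern HTTP requests, so this checks the filesystem mode bits that decide whether another account on the same host can open config.php. The function names and the sample tree are constructed for illustration; only classic mode bits are considered, not ACLs.

```python
import os
import stat
import tempfile


def _mode(p):
    """Permission bits (e.g. 0o644) of a file or directory."""
    return stat.S_IMODE(os.stat(p).st_mode)


def others_can_read(path, root):
    """True if another local account could open `path` via the filesystem:
    the file is o+r and every directory from `root` down to it is o+x."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    if not _mode(path) & stat.S_IROTH:
        return False                  # file itself is not world-readable
    d = os.path.dirname(path)
    while True:
        if not _mode(d) & stat.S_IXOTH:
            return False              # others cannot traverse this directory
        parent = os.path.dirname(d)
        if d == root or parent == d:  # reached the chosen root (or "/")
            return True
        d = parent


def demo():
    """Constructed tree <tmp>/forum/config.php under three permission sets."""
    with tempfile.TemporaryDirectory() as root:
        forum = os.path.join(root, "forum")
        os.mkdir(forum)
        cfg = os.path.join(forum, "config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php /* constructed placeholder, no credentials */ ?>")
        results = {}
        for label, dir_mode, file_mode in [
            ("open dirs, 0644 file", 0o755, 0o644),
            ("open dirs, 0600 file", 0o755, 0o600),
            ("0750 forum dir, 0644 file", 0o750, 0o644),
        ]:
            os.chmod(root, 0o755)
            os.chmod(forum, dir_mode)
            os.chmod(cfg, file_mode)
            results[label] = others_can_read(cfg, root)
        return results


if __name__ == "__main__":
    for label, exposed in demo().items():
        print(f"{label}: {'readable by others' if exposed else 'not readable'}")
```

Pass the hosting account's home directory as `root` when running `others_can_read` against a real install, so the walk stops at the boundary the account controls.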