phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Hi Community


 
Search this topic... | Search phpBB2 Discussion... | Search Box
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Author Message
Morpheus
Board Member



Joined: 16 Jul 2009

Posts: 1



PostPosted: Thu Jul 16, 2009 1:47 am 
Post subject: Hi Community

Hi phpbb2 Refugees

Nice to find a forum to discuss the good old phpbb2

My forum was hacked some days ago, but luckywise the guy was friendly enough to tell me about my security issue. I didn't have a htaccess file to protect my config.php.

So, since i have fixed that issue, i was wondering if there may be some other security issues i might not know about.

Basically i have a phpbb 2.0.23 forum with the following mods: ez_portal ; EasyMOD 0.3.0 ; UploadPic 1.3.7 ; Calenderfunction v.x? ; Birthday 1.6.1

Anyone of you guys can give me a direction weather there are some known security issues with the forum and/or one of those mods known?

Are there some furthermore basic directives on how to make my forum more secure? My htacces now locks config.php, common.php as the folders: db, includes, languages - i didn't lock the admin folder, since i can not open the ACP then. Should i still lock it?

thanks for all your advice ...

morph

//Edit: I have read about the session hijacking problem. But since guests can't post pictures in my forum that shouldn't be a problem for me then?
Back to top
Dog Cow
Board Member



Joined: 18 Nov 2008

Posts: 378


flag
PostPosted: Thu Jul 16, 2009 6:37 pm 
Post subject: Re: Hi Community

Morpheus wrote:

//Edit: I have read about the session hijacking problem. But since guests can't post pictures in my forum that shouldn't be a problem for me then?

What about linking a remote avatar?

_________________
Moof!
Lincoln's Tomb, Oak Ridge Cemetery, Springfield ILMac 512K BlogMac GUI
Back to top
transm
Board Member



Joined: 28 Jun 2009

Posts: 13


flag
PostPosted: Thu Jul 16, 2009 8:07 pm 
Post subject: Re: Hi Community

How does anyone read config.php? Does it need to be protected?
Back to top
Slackervaara
Board Member



Joined: 01 Jan 2009

Posts: 70



PostPosted: Fri Jul 17, 2009 12:58 am 
Post subject: Re: Hi Community

Most hackers uses cross-scripting and it can be blocked through .htaccess very easy.

http://phpbb2refugees.com/viewtopic.php?t=265#2535
Back to top
Dog Cow
Board Member



Joined: 18 Nov 2008

Posts: 378


flag
PostPosted: Fri Jul 17, 2009 10:35 am 
Post subject: Re: Hi Community

transm wrote:
How does anyone read config.php? Does it need to be protected?

He/she has to be on your server. In the olden-days of shared hosting, all the sites would use the same Apache user, so someone could just cd into your directory and read the file. Nowadays, (such as on my host) each customer gets his own Apache user, so the ownership rules apply-- you can only read your own files!

_________________
Moof!
Lincoln's Tomb, Oak Ridge Cemetery, Springfield ILMac 512K BlogMac GUI
Back to top
Display posts from previous:   
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 4 Hours
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0478 seconds using 16 queries. (SQL 0.0088 Parse 0.0007 Other 0.0383)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo