Cheers,
Graham.
demolitionred, 21 Oct 2005 06:19:07
Unfettered was hacked more than once before this campaign started.
adrian, 21 Oct 2005 09:03:50
At 03:37 21/10/2005 +0100, graham wrote:
>
>
>av8r0344@hotmail.com wrote:
>
>> Unfettered Forum is apparently the victim of a hack attack.
>>
>> Now reads "hacked by $%^&+*%* Turkish Hacker"
>>
>> So unfettered is targeted during this campaign, and quite a
>> few contributors get spammed with nastiness.....
>>
>> Probably a coincidence,
>
>I think it is, a quick Google suggests that it's a virus attack on a
>vulnerability in phpBB:
>
>Search>
It is indeed, and is fixed in a later version. But the upgrade path is
messy and I don't want to risk losing other changes, let alone any data.
It's on my list, but frankly I think we might just go over to smartgroups
and worry about it when/if we ever have time.
Lothario, 21 Oct 2005 12:52:47
You might want to look at PunBB as a replacement for phpBB:
www.punbb.org
It's considered to be more reliable and secure. There's also a
converter script to import your phpBB data.
I'd generally say that it makes more sense to host your own forum
according to your own rules (and have the ability to back up the
database) rather than be subject to the whims of a hosted service
provider like Smartgroups.
If Smartgroups unilaterally decide that they don't like the look of
your forum (which is a real risk with this kind of thing), they can
just pull the plug and you'll lose the entire archive and membership
list.
--
Lothario.
"I disagree with what you say, but I will defend to the death my right
to stop you saying it." - Charles Clarke (attributed)
adrian, 21 Oct 2005 13:12:24
Lothario
Good advice. I would never have considered Yahoo as a replacement but
who's to say Smartgroups might not do the same things..
The current phpBB may well fix this particular exploit, I just never
managed to get the time to do the rather messy manual upgrade. I should
have done, this is a nasty one and I can't restore from the database save.
PunBB is looking more attractive at the moment.
The UF forum is quiet at the moment and everything else is busy so I've
just taken the forum down. We're in good company, a Google shows 245000
hacked phpBB sites.
Yes, on second thoughts, I'll definitely go with something else. phpBB are
just too big a target for the hackers.
Roel, 21 Oct 2005 16:14:14
av8r0344@hotmail.com wrote:
> Unfettered Forum is apparently the victim of a hack attack.
>
> Now reads "hacked by $%^&+*%* Turkish Hacker"
Funny. This happened to a Dutch bdsm-forum a few weeks ago. That too was
hacked by someone at least suggesting a Turkish background (Turkish
flag, anti-PKK slogans). No reference was made to the content to the
forum, and it may well have been simple script-kiddies. Still,
interesting that another bdsm-forum was targeted.
Roel
adrian, 21 Oct 2005 16:39:58
At 17:14 21/10/2005 +0200, you wrote:
>Funny. This happened to a Dutch bdsm-forum a few weeks ago. That too was
>hacked by someone at least suggesting a Turkish background (Turkish
>flag, anti-PKK slogans). No reference was made to the content to the
>forum, and it may well have been simple script-kiddies. Still,
>interesting that another bdsm-forum was targeted.
Most of the 244,998 other sites hacked by ', a Turkish
hacker from Turkey' aren't BDSM either!
When an exploit gets publicised that requires people to immediately update
popular commercial software, and the users can be found simply by putting
'Powered by phpBB' into Google, you're a sitting duck unless you have a
full-time security consultant.
Lothario, 21 Oct 2005 16:59:17
It sounds like the first thing to do is to remove the bit of text that
says, "Powered by phpBB"!
--
Lothario.
"I disagree with what you say, but I will defend to the death my right
to stop you saying it." - Charles Clarke (attributed)