some sorry bastard has too much time on his hands.
googling shows that the sorry script kiddie has a fetish for phpbb's and needs to get a life......
Better him than someone installing a proxy or doing other really nasty stuff it seems...
Humerous picture of Allastair Cookie. Small consolation I would imagine...
I wonder what version of phpbb usercb was running..
Anyway, I am testing out punBB. It is damn fast, but a bit light on the features side. Works fine for my needs, but might not for the arch community. Damn fast though...damn fast. (prespawn php-fcgi with eaccelerator helps too.).
Did I mention fast?
EDIT: Yikes. Looks like all of usercb pages are fooked. Wonder if it was a phpbb vuln, or something else (I would still bet on phpbb being the hole).
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
if you look at the google i did on the dude, 90% of his targets have been phpbb's.
either way, not *everything* is buggered.
i can still search new posts, cant view them though. looks like its just the index page.
yay, seems like it's back up
wiki is down tho
My host's hosting usercb, server got hacked. All index.php and index.html were changed. They say the problem was with a phpbb vulnerability. As it was the hacker was only able to modify the website files and not anything else on the servers.
Its fixed now.
You know, I think phpBB forums need some sort of defence against script kiddies... Some way to find who the hack came from and send something nasty their way. For Windows, I'm thinking c:auxaux on startup...
The thing is that if some stupid script kiddy can already hack you, you're doing something wrong. Be glad he didn't do any real damage, and start fixing the security before a malicious cracker chooses your server.
Same I told to my host:
> Luckily it was a "harmless" hacker just proving he/she is able to hack.
> He/she could have deleted everything.
Fortunately I have a copy of all installed php web systems e.g. phpBB and PostNuke, in my local and could easily replace the hacked index files. They were many, it became a full day job.
The good side, got an opportunity to remove lot of old stuff. And a first hand experience in the importance of security.