Topic: Security problems

Hi all!
I'm having some "hack" problems with my web. Sometimes one guy get my super-admin account and the rest of admin accounts. I'm actually changing my password in the DB "by hand", to recover the control. but I don't think that this is a solution. How can I evade this attacks? And what's he doing?

Thnx for your time smile

PD: I'm reading again the readme, to find any possible permission to config.php or any other file that could be the problem ((><))

Re: Security problems

What modifications do you have installed?

3

Re: Security problems

after changing the password "by hand", make a note within your apache access log and if that guy changes your password again, just analyze the requests your apache received during your last change...

if its really a bug in punbb it would be nice to know!

greets,
e-axe

Re: Security problems

Ok !
At the moment I'm using many mods. I'm seeking for all of them that can change things in the DB, and the only one could be Frontpage. The rest have their own DB or doesn't touch it. I'm using Itemstats (World of Warcraft mod who has its own DB), and some mods like the youtube mod or smilies added "by hand", changing some code in some .php .

I will see the apache log smile


thnx for all !

Kryptie.

Re: Security problems

Having their own tables does not make them immune.