Topic: SECURITY! Vulnerability
My site has 2 weeks old, and 1 week with punBB.. IT WAS HACKED.
PunBB is not SAFE anymore! The guy who hacked it, it was to bord to destroy the site (is empty) and he left only title and desciption 
1 2014-01-15 18:06 (edited by florin.hangu 2014-01-15 18:06)
Re: SECURITY! Vulnerability
what ur ext installed?
hacker can only inject script on extension 
sorry my BAD english T___T
Have a nice day >.<
(^____^)v
Have a nice day >.<
(^____^)v
Re: SECURITY! Vulnerability
none installed...
i do have one extension uploaded, but is disable
SEO Optimizer (quadric_seo_optimizer)
Re: SECURITY! Vulnerability
just rename in admin setting
sorry my BAD english T___T
Have a nice day >.<
(^____^)v
Have a nice day >.<
(^____^)v
Re: SECURITY! Vulnerability
rename what? the extension.. isnt working anyway... now i have to re-install the forum password change and the forum dont send me a new pass....
6 2014-01-16 08:08 (edited by keeshii 2014-01-16 08:08)
Re: SECURITY! Vulnerability
I am quite sure that punbb is not the problem here. I see 4 possibilities:
a) Your password was easy to guess -> f.e. account "admin", password "admin",
b) You have installed a poorly written extension.
c) Not forum, but your website is XSS vounerable. Someone may deleted all your data using vounerability found in your website.
d) I don't know on what server your website/forum is hosted. Are you sure, you can trust the company responsible for hosting?
If you want to contact me quickly - send e-mail, not PM.
<?php $t='<?php $t=%c%s%c; printf($t,39,$t,39,10);%c'; printf($t,39,$t,39,10);
<?php $t='<?php $t=%c%s%c; printf($t,39,$t,39,10);%c'; printf($t,39,$t,39,10);
- dimkalinux
- Administrator
- Offline
Re: SECURITY! Vulnerability
Currently there are no known vulnerabilities in the forum engine.
http://secunia.com/advisories/search/?search=punbb
Re: SECURITY! Vulnerability
a) password was medium... how ever isnt that easy to guess it...
b) poorly extension ( seo from quadric - idk if is or ist not poorly, isnt working for me thats for sure - its disable... )
c) xss maybe, i dont know anything about this...
d) my host provider is pretty solid i see, not to big or known.. site work pretty good...
can be from the skin ? i did edit the skin alot, can be there some issue ? i intend to release it, but not if can has sopme issues with security....
- dimkalinux
- Administrator
- Offline
Re: SECURITY! Vulnerability
Check server access logs. Check ftp logs.
Re: SECURITY! Vulnerability
my host/ ftp password is not the same as my site admin passoword... so im clean there.