1 (edited by florin.hangu 2014-01-15 18:06)

Topic: SECURITY! Vulnerability

My site is 2 weeks old, and 1 week with PunBB.. IT WAS HACKED.

PunBB is not SAFE anymore! The guy who hacked it was too bored to destroy the site (it is empty) and he left only the title and description yikes

http://s30.postimg.org/pk9g6k8qo/image.jpg

http://s30.postimg.org/4yuoenr5s/image.jpg

Re: SECURITY! Vulnerability

What extensions do you have installed?
A hacker can only inject script on an extension sad

sorry my BAD english T___T
Have a nice day >.<
(^____^)v

Re: SECURITY! Vulnerability

None installed...
I do have one extension uploaded, but it is disabled

SEO Optimizer (quadric_seo_optimizer)

Re: SECURITY! Vulnerability

Just rename it in the admin settings


Re: SECURITY! Vulnerability

Rename what? The extension.. it isn't working anyway... Now I have to re-install the forum sad The password changed and the forum doesn't send me a new pass....

6 (edited by keeshii 2014-01-16 08:08)

Re: SECURITY! Vulnerability

I am quite sure that PunBB is not the problem here. I see 4 possibilities:

a) Your password was easy to guess -> f.e. account "admin", password "admin",

b) You have installed a poorly written extension.

c) Not the forum, but your website is XSS vulnerable. Someone may have deleted all your data using a vulnerability found in your website.

d) I don't know on what server your website/forum is hosted. Are you sure you can trust the company responsible for hosting?

If you want to contact me quickly - send e-mail, not PM.
<?php $t='<?php $t=%c%s%c; printf($t,39,$t,39,10);%c'; printf($t,39,$t,39,10);

Re: SECURITY! Vulnerability

Currently there are no known vulnerabilities in the forum engine.
http://secunia.com/advisories/search/?search=punbb

Re: SECURITY! Vulnerability

a) The password was medium... however it isn't that easy to guess it...
b) Poor extension (SEO from quadric - idk if it is or isn't poor, it isn't working for me, that's for sure - it's disabled...)
c) XSS maybe, I don't know anything about this...
d) My host provider is pretty solid as far as I see, not too big or known.. the site works pretty well...

Can it be from the skin? I did edit the skin a lot, can there be some issue? I intend to release it, but not if it can have some issues with security....

Re: SECURITY! Vulnerability

Check server access logs. Check ftp logs.
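
As an added example (not part of the original post, and not PunBB code), a first pass over a web server access log could look like this: it flags IPs with repeated login POSTs (possibility "a" above) and state-changing admin requests from addresses the owner does not recognise. It assumes the Apache/nginx "combined" log format and the standard PunBB paths `login.php` and `admin/`; the log lines and IP addresses are constructed.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log line: client IP, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumptions: standard PunBB file layout; adjust to the actual install.
LOGIN_SCRIPT = "/login.php"
ADMIN_DIR = "/admin/"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2014:18:02:11 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Jan/2014:18:03:40 +0000] "POST /admin/settings.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:10:01 +0000] "GET /index.php HTTP/1.1" 200 15230 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:10:05 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:10:07 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:10:09 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:10:12 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2014:02:11:30 +0000] "POST /admin/settings.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""


def triage(lines, known_admin_ips=(), login_threshold=3):
    """Return (IPs with repeated login POSTs, admin POSTs from unknown IPs)."""
    login_posts = Counter()
    admin_posts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line or a read-only request
        path = m["path"].split("?", 1)[0]  # drop the query string
        if path.endswith(LOGIN_SCRIPT):
            login_posts[m["ip"]] += 1
        elif ADMIN_DIR in path and m["ip"] not in known_admin_ips:
            admin_posts.append((m["ts"], m["ip"], path))
    repeated = {ip: n for ip, n in login_posts.items() if n >= login_threshold}
    return repeated, admin_posts


if __name__ == "__main__":
    repeated, admin_posts = triage(SAMPLE_LOG.splitlines(), {"203.0.113.5"})
    print("repeated login POSTs:", repeated)
    for ts, ip, path in admin_posts:
        print("admin change from unknown IP:", ts, ip, path)
```

The timestamps of any flagged admin requests can then be compared against the FTP log to see whether files were also touched around the same time.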

Re: SECURITY! Vulnerability

My host/FTP password is not the same as my site admin password... so I'm clean there.