http://punbb.org/changelogs/1.1.5_to_1.2.txt

I found the changelog... looks like I probably need to upgrade ... sigh.. I HATE upgrading lol. :)

Any security issues with punbb 1.1.5 ?

I'm not at ALL unsatisfied with punbb 1.1.5, and the upgrade process didn't want to work well for me.  Are there any security issues with just staying with punbb 1.1.5 ?  I really like the minimalistic way it looks, and it does exactly what I wanted it to do.

I don't need groups, I don't need PM's, I don't need any extra frills other than what's already in 1.1.5

In other words, I LIKE 1.1.5 and don't REALLY want to change it.  Any urgent reasons I need to ?

http://www.bashscripts.org

3

(11 replies, posted in Programming)

good grief, don't have a cow...

You COULD install forums only YOU could post into and no link... so you COULD use the mod and forum that way if you wanted to... otherwise, there are a huge number of selections at http://www.hotscripts.com

http://www.hotscripts.com/PHP/Scripts_a … index.html
http://www.hotscripts.com/PHP/Scripts_a … l_Systems/

THANKS :)

For those running Apache, using mod_rewrite to send the offending worms to a very small 403 error page is fairly simple. This assumes you have access to the Apache config files. The added benefit of doing that is you can keep it from filling up your log file with garbage as well. Unless you just WANT to keep track of the worm hits... (I don't), I prefer to send them to my 403 page.

<Directory /var/www/html/>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system/(.*) [NC,OR]
# "(\?|$)" is an alternation: the file name must be followed by "?" or end of string
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/cmd\.exe(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/scripts/root\.exe(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadc/root\.exe(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\\\.\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/admin\.dll(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadcs\.dll(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/ext\.dll(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI} (.*)/\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/php\.exe(\?|$) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\<(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\>(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\|(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)%252(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)%252echr(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)rush=%(.*) [OR]
RewriteCond %{REQUEST_URI} (.{255,}) [OR]
RewriteCond %{QUERY_STRING} (.{127,}) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x00-\x1f]+ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x7f\xff]+ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule ^.* - [F]
</Directory>

The parts that will disable the hack attempts on phpBB viewtopic are:

Code:

RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)%252(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)%252echr(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)rush=%(.*) [OR]

If you use
RewriteRule ^.* - [F,E=nolog:1]

Then you don't even LOG the hits, saves on disk space if you're getting hit hard. Saves on Apache's time to process as well.  For REALLY hard hit sites, you might want to look into mod_security for Apache.
HTH's
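
An added example, not part of the original post: a small Python harness that replays a subset of the RewriteCond patterns above against constructed requests, so you can see which rule would return the 403 before deploying the rules. It assumes Python's re module behaves like Apache's regex engine for these simple patterns; the function names and sample requests are made up for illustration.

```python
import re

# Subset of the RewriteCond lines above: (test string, pattern, regex flags).
# "both" is the string %{REQUEST_URI}?%{QUERY_STRING}; [NC] becomes re.I.
RULES = [
    ("both",  r"(.*)/winnt/system32/(.*)", re.I),
    ("both",  r"(.*)%252(.*)",             0),
    ("both",  r"(.*)rush=%(.*)",           0),
    ("uri",   r"(.{255,})",                0),
    ("query", r"(.{127,})",                0),
    ("both",  r"[\x00-\x1f]+",             0),
]

def first_match(uri, query):
    """Return the pattern of the first rule that would trigger [F], or None."""
    subject = {"uri": uri, "query": query, "both": uri + "?" + query}
    for target, pattern, flags in RULES:
        # RewriteCond patterns are unanchored, so search() rather than match()
        if re.search(pattern, subject[target], flags):
            return pattern
    return None

# Constructed sample requests (path, raw query string); not taken from real logs.
SAMPLES = [
    ("/viewtopic.php", "t=1&highlight=apache"),
    ("/viewtopic.php", "t=1&highlight=%2527x"),
    ("/viewtopic.php", "t=1&rush=%65"),
    ("/scripts/WinNT/System32/x", ""),
    ("/search.php", "keywords=" + "a" * 130),
]

def report():
    """Evaluate every sample and return (path, query prefix, matching pattern)."""
    return [(uri, query[:30], first_match(uri, query)) for uri, query in SAMPLES]

if __name__ == "__main__":
    for uri, query, hit in report():
        print(f"{uri}?{query:<32} -> {hit or 'allowed'}")
```

The last sample is an ordinary search with a long keyword string: the 127-character query limit rejects it too, so check your own application's longest legitimate query strings against that rule.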

6

(137 replies, posted in News)

I'm new here, but have been using PunBB for one of our forums.
I like the way that they are designed and the simplicity of them.
Keep up the good work :)

Looking forward to the next release as well !