View topic - [Spam] Apology for 4 abusive e-mails

  • Site Admin
  • Joined: 08 Jul 2001
  • Posts: 8644
  • Location: Paris, France
[Spam] Apology for 4 abusive e-mails
Posted: Fri Apr 08, 2005 7:56 am
One silent user found it interesting to hack into phpBB and gain administrative rights, from where he sent four "Hi!" e-mails, apparently to all users.

This is very destructive in the sense that non-regulars may not cope with it as well as regulars, and I don't want this kind of childish action to reflect on the trust given by users (e.g. we have an already reluctant Japanese community with a few subscribers; I would not want them to think this site is abusing their e-mail, and this applies to anyone who won't be reading this message as well).

I am very sorry for that. I am investigating and trying to talk with this guy. Hopefully this won't happen again.
  • Joined: 06 Jan 2005
  • Posts: 177
Posted: Fri Apr 08, 2005 8:55 am
no worries man, whoever it was obviously has no life
  • Joined: 05 Jan 2005
  • Posts: 1
Posted: Fri Apr 08, 2005 9:08 am
ah well. gave me a good excuse to see what's been happening around here during the last year or two ;)

seems like I have been around registering in the forums tho'.. :)


btw; the latest phpBB version is 2.0.13. phpBB is well-known for having a lot of security holes, and it's important to keep it up to date as more and more exploits are being discovered.
  • Site Admin
  • Joined: 08 Jul 2001
  • Posts: 8644
  • Location: Paris, France
Posted: Fri Apr 08, 2005 9:19 am
fractalgp wrote
btw; the latest phpBB version is 2.0.13. phpBB is well-known for having a lot of security holes, and it's important to keep it up to date as more and more exploits are being discovered.

The problem is that once you've customized it, updating phpBB is HELL. It would take me 4 hours, maybe more. I'll do it someday, and will try to list differences properly so I can do future updates with more ease.

I applied security patches from newer versions (maybe not all?) so although it says 2.0.10 here, it should be unattackable from the common exploits. The hack was done on March 11, btw. The person who did that apparently stayed idle with admin rights and sent me an unclear message back at this time. The board may be unattackable (with current public knowledge/exploit) since this time because I also applied new patches after March 11.
  • Site Admin
  • Joined: 19 Oct 1999
  • Posts: 14689
  • Location: London
Posted: Fri Apr 08, 2005 9:35 am
The fix for this attack seems to be the top one here:

http://www.phpbb.com/security/

There are also complete manual-upgrade notes here:

http://www.phpbb.com/phpBB/catdb.php?cat=48

As I previously mentioned privately, also hacking it to display the latest version number will deter most attackers from even trying. Correction: versions after 2.0.12 don't show the version number for exactly this reason.