Since January, hackers have hit hit over 500,000 website, with everything you could possible imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these websites who are getting hit are running PHPBB forum and the worse part is htey don't mention which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and new, but one trojan has been identified and it is the Zlob Trojan or rather variations to the Zlob Trojan. The last major attack happen 3 weeks ago, as government sites and United Nation websites received the blunt of this attack and as usualy the blame was being password around such as Microsoft's IIS and SQL server, but Microsoft denied that a couple of days later.

As for how this process is done it is pretty simple:



So I if your one of those heavy forum modifiers you better want to make sure the holes and patches are fixed or your website will be constantly compromise and what not. So you may want to get a hold of phpbb support or check out hte forms to see what is up with this problem and finding out how it can be fixed.

SOURCE

As long as Lithium and Invision stay safe, I'm a happy camper.

And anyone who hacks to upload malicious software is really just a wussy. It's terrorism behind the safety of their closed doors.

That makes me glad that I am currently not running a forum because I generally would use PHPBB but I had 3.0 before. I guess I will have to switch to SMF or something else free unless I pay the $100 so I can purchase Invision. Good luck to all of those running PHPBB.

OOps thats me lolz better go try fix it or get another forum =[

I use phpBB3... never ever had any security issues at all with it. And if I do, you can be sure that I would let the phpBB3 team know.

I also asked one of my friends to read through its code and there was nothing there he considered dangerous.

I do have MODs installed, but only simple ones that won't compromise the security of my site.

hmm interesting thing however I think that this has something more to do with XSS that is cross site scripting then with the forum itself and they have probably made or found some vulnerability in the forums that gave thema bility to redirect users from the forum itself to some malicious site. Because PHPBB forums are quite safe in a way and I haven't heared a lot of problems on their end.

But as alwways there is also other possability and that is that they are not hacking those forums but merely using some service that is generating forums and subdomaines you knwo what I mean those free services that offer forum and subdomain. So what might have happened is that they have hacked some and such service and then changed code behind it so that some of the users would get redirected and voala you've got yourself several thousands slave computers. Easy doesn't it.

Good Luck everyone

But I will still prefer PHPBB against any other forum probably for some time in the future. Also I have it set up though there is no any activity it is good for experimenting. http://forum.zedsi.com

That is what I am thinking to about the free forum makers as well, but of course I wouldn't be surprise if they brute force their way in because of some simple log in, like admin and password. However, some of the government sites I wouldn't doubt they are using full version software and not going to one of these free sites because that wouldn't make much sense, and yeah I would have to agree that XSS could be another factor. Of course they don't tell what version is being used so it is hard to say who is more affected by this.

I don't expect this to happen with phpBB 3, which is more professionalistic than its previous versions. So the problems might be because of some older phpBB versions.

As mentioned in the report the attacks have affected only IIS, that is windows servers. So nowadays people who host projects or sites in OpenSource languages especially PHP, Java, Python or Ruby host only on Linux Servers, so this threat will have no impact on them.

But still it is always advisable that you keep your softwares updated and patched.

SMF and FireFox win! I've heard of many PHPBB vurnerabilities... It's just horrible waking up one day and seeing everything lost... Poor people hacked

Antispyware Name can not be blockedHackers Hijack A Half-million Sites: Phpbb Forum Users Must Read

For months my computer at  70.113.62.18  has been under daily browser DNS attack, reversals of search, and statements with  Xoftspy that your SITE is hijacked, and its placing  Antispyware into quarantine lasted there only as long as it takes to run a new scan. Malwareadbytes could not block it and it is rated SEVERE RISK of the highest level meaning the hijackers were in control of redirects thru browser IEX8 completely. I also run Windows Defender, Regcure,Stopzilla and PC to simply block this controlling trojan malware preventing normal operations at my primary site of www.Carcommtelecom.Com  Any assistance, ideas or information that will correct this problem will be greatly appreciated.

-question by J Carrington

Oh .. No .. I am a hosting a PhpBB2 forum , and in the initial days i had no problem with the same , i just had a proper way in which users sign up and my forum was looking and was working fine , may be this continued for about more than few days. On one day suddenly spammers broke in , i was really unable to find out whether they are mannual spammers or BOTS , because they were bypassing the Captcha in the registration form. Then i came to know that Captcha can be bypassed easily by hackers and spammers and no longer Captcha provides its security.

So from that day till now i have my PhPBB2 forum stormed by spammers , by storming what i mean here is that they just create fake accounts in hundreds , so now i am planning to remove the phpbb2 forum entirely from my site , the only question what i have is that , now spammers got to know my site address and if i move to some other stuffs like chats etc. in my site will the spammers attack that too ? if so kindly let me know how to avoid them.

I also tried blocking their IP address from cpanel. Still they come

Does anyone know where I can get a FREE! Forum with NO ADS!? Thanks A Billion.! ...more

For those of you who are hosted on Trap17 and using phpBB3.0.x you might want to consider adding some mods... Some mods which I extremely highly recommend to get is: #1 "Anti-Bot Question" mod, which adds a question like "can you see through glass?&quo ...more

Hello all! I would assume, due to the fact that this free host offers php and mysql support, that one could run a phpBB forum on it. However, I cam across an issue: many of the free hosts available do not offer SSI support. Last time I checked, SSI was very crucial to a phpBB forum ...more