[thelist] phpBB hacked and Crystal Tech isn't being very helpful

Joel D Canfield Joel at BizBa6.com
Fri Mar 27 12:59:17 CDT 2009

I've been searching for *fixes* and can only find others with the same


Many of the files in my installation of phpBB have an ugly patch of
scripting (I'm googling the fairly unique string ' tmp_lkojfghx')


Last night, the bb stopped working. I found the problem with the files,
deleted them and uploaded fresh. It was working when I went to bed. (I
assumed it had happened recently when the files were set to 777 briefly
for a config change. They're changed back, and it's still happened.)


This morning, it's happened again. The files are read only. There are
only two of us with ftp access and I trust us both.


Crystal Tech is feeding me canned answers from a book, some of which
refer to versions of phpBB which are three years old; one link they sent
was regarding an exploit patched in 2005. (When CT works, it's great,
but for some reason, when there's the slightest issue, they suddenly
become corporate stiffs who just keep repeating "not our fault; not our
fault." Also a bit scary, this morning I'm having problems connecting to
them via ftp.)


I'm not a MySQL admin, nor do I know much about PHP security. But I
can't find any helpful info about preventing this from happening again,
and Crystal Tech is pretty much leaving it up to me.




Joel D Canfield
Joel at BizBa6.com <mailto:Joel at BizBa6.com> 
916.771.9297 office * 916.765.1712 cell
Buy my book <http://CommonsenseEntrepreneur.com/ce/ce_book.asp>  *
Newsletter signup <http://CommonsenseEntrepreneur.com/ce/newsletter/> 


More information about the thelist mailing list