[thelist] phpBB hacked and Crystal Tech isn't being very helpful

Eduardo Kienetz eduardok at gmail.com
Fri Mar 27 13:17:28 CDT 2009


On Fri, Mar 27, 2009 at 2:59 PM, Joel D Canfield <Joel at bizba6.com> wrote:
> I've been searching for *fixes* and can only find others with the same
> problem.
>
> Many of the files in my installation of phpBB have an ugly patch of
> scripting (I'm googling the fairly unique string ' tmp_lkojfghx')
>
> Last night, the bb stopped working. I found the problem with the files,
> deleted them and uploaded fresh. It was working when I went to bed. (I
> assumed it had happened recently when the files were set to 777 briefly
> for a config change. They're changed back, and it's still happened.)
>
> This morning, it's happened again. The files are read only. There are
> only two of us with ftp access and I trust us both.
>
> Crystal Tech is feeding me canned answers from a book, some of which
> refer to versions of phpBB which are three years old; one link they sent
> was regarding an exploit patched in 2005. (When CT works, it's great,
> but for some reason, when there's the slightest issue, they suddenly
> become corporate stiffs who just keep repeating "not our fault; not our
> fault." Also a bit scary, this morning I'm having problems connecting to
> them via ftp.)
>
> I'm not a MySQL admin, nor do I know much about PHP security. But I
> can't find any helpful info about preventing this from happening again,
> and Crystal Tech is pretty much leaving it up to me.

First thing to do is download your Apache access log. Then look
through it. One of the requests will show what started everything.
Then you can block/fix whatever it is.

-- 
Eduardo Bacchi Kienetz



More information about the thelist mailing list