phpBB & awstats security issues

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Jason
    Junior Member
    • Oct 2004
    • 5

    phpBB & awstats security issues

    When trying to figure out how to stop automated account creation on phpBB, I went to phpbb.com and saw this:

    Last updated: 8th February 2005, 02:08 GMT

    At present www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an opensource project to push their agenda ... shame on them.

    We have some possible further details of the events which led to the loss of www.phpbb.com. Though I have not spoken with them myself I have learnt through an intermediary the group that appears to have attacked phpbb.com did indeed use a vulnerability in awstats to gain entry to our server (note the singular use of server there, we don't own a server cluster, just a server).


    I am having a problem with user accounts being created with boom.ru web sites and email addresses and such.. has anyone found a way to prevent this? I am thinking I should switch to vBull, but I don't have the time to do this right now. Any suggestions would rock.

    Jason
  • joan
    Junior Member
    • Apr 2004
    • 20

    #2
    Looks like you can add "mystery word" confirmation to PHPbb.



    Why don't you turn that on/upgrade to the version that has it?

    Comment

    • sdjl
      Senior Member
      • Mar 2004
      • 502

      #3
      Awstats here should be ok as it's only accessible via your cPanel username and password
      -----
      Do you fear the obsolescence of the metanarrative apparatus of legitimation?

      Comment

      • grom
        Junior Member
        • May 2004
        • 8

        #4
        I am having a problem with user accounts being created with boom.ru web sites and email addresses and such.. has anyone found a way to prevent this?
        New phpbb v. 2.0.11 has a feature for entering a randomly generated confirmation code from an image. If you haven't update your phpbb to 2.0.11 you should do that A.S.A.P. because number security holes in v. 2.0.10

        Comment

        • Frank Hagan
          Senior Member
          • Mar 2004
          • 724

          #5
          In newer versions of phpBB, it is called "Visual Confirmation". Turn it on in the Admin control panel, General Configuration*General Board Settings*Enable Visual Confirmation

          Comment

          Working...