* The Business of Software

A community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

Can anyone crack a phpbb forum?

Long story short:  an idiot hacked our forum and apparently changed the admin account pw. So we can't install the latest version of phpbb which patches the opening he used. My webhosting service has been trying for two weeks to fix the problem.
embarrased
Friday, June 17, 2005
 
 
I'm guessing the password is hashed somehow...why not install phpbb locally, set the password to your liking, take the hashed value from the local db, replace the new hacked password hash with it. 

That's an uninformed, off-the-cuff guess...
GiorgioG
Friday, June 17, 2005
 
 
We are concerned about the loss of data (the threads). There's almost a year's worth of conversations.
embarrased
Friday, June 17, 2005
 
 
Anyone know where I might get a solution?
embarrased
Friday, June 17, 2005
 
 
I understand that. Simply back up your MySQL database (or whatever db backend you're using).

Then:
1. Install phpbb on your computer (not on the server).
2. Set the password for the local copy of phpbb
3. Open local database table that contains the admin password (there's probably a table for 'users')
4. Copy the value for the password from the local table and update the server's table admin password field value.

Again, back all your data up first.  If you're non-technical (unlikely) and need help maybe we can work something out...
GiorgioG
Friday, June 17, 2005
 
 
phpBB has been pluged with so many holes, I wonder why you would use it.

Try,
miniBB or
PunBB.
JD
Friday, June 17, 2005
 
 
=~ s/pluged/plugged/
JD
Friday, June 17, 2005
 
 
The password for the admin account is different from the password to the database account. Why can't you just access the database directly and change the password back? If you don't know the database username/password, you can find them in the config.php file.
BenjiSmith
Friday, June 17, 2005
 
 
Access the database using PhpMyAdmin, for example, and locate the PhpBB users table. Change the password of the admin to another one (the password column contains the MD5 of actual passwords), or, if you have another account which is a normal user and whose password is known to you, change its privileges in the table and make it an administrator.

By the way, PhpBB has had a lot of security flaws in recent months. The PhpBB guys recommend subscribing to their mailing list to be informed as soon as a problem is reported. The hacker who attacked your site took control using a breach which was in PhpBB until version 2.0.10. 2.0.11 was released last November to fix the critical issue: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636 .
M² at Aprelium
Friday, June 17, 2005
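
The recovery steps described in this thread, as an added example (not code from any poster or from phpBB): back up the users table, then either overwrite the admin's MD5 hash or promote an account you control, and list the administrators afterwards. In-memory SQLite stands in for the forum's MySQL; the table and column names (phpbb_users, user_password, user_level, with 1 meaning administrator) are assumed from a default phpBB 2.x schema, and the rows are constructed.

```python
import hashlib
import sqlite3

ADMIN_LEVEL = 1  # assumption: default phpBB 2.x schema, user_level 1 = administrator

def md5_hex(password):
    """Hash format the thread describes: plain MD5 of the password, hex-encoded."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def backup_users(db):
    """Copy the users table before any change; returns the number of rows saved."""
    db.execute("DROP TABLE IF EXISTS phpbb_users_backup")
    db.execute("CREATE TABLE phpbb_users_backup AS SELECT * FROM phpbb_users")
    return db.execute("SELECT COUNT(*) FROM phpbb_users_backup").fetchone()[0]

def _update_one(db, column, value, username):
    """Parameterized single-row update; rolls back unless exactly one row matched."""
    if column not in ("user_password", "user_level"):
        raise ValueError(column)
    cur = db.execute(f"UPDATE phpbb_users SET {column} = ? WHERE username = ?",
                     (value, username))
    if cur.rowcount != 1:
        db.rollback()
        raise LookupError(f"expected 1 row for {username!r}, matched {cur.rowcount}")
    db.commit()

def reset_password(db, username, new_password):
    """Option 1 from the thread: overwrite the stored hash with a known one."""
    _update_one(db, "user_password", md5_hex(new_password), username)

def promote(db, username):
    """Option 2 from the thread: make an account you control an administrator."""
    _update_one(db, "user_level", ADMIN_LEVEL, username)

def admins(db):
    """List administrator accounts so unexpected ones stand out after the fix."""
    rows = db.execute("SELECT username FROM phpbb_users WHERE user_level = ? "
                      "ORDER BY user_id", (ADMIN_LEVEL,))
    return [r[0] for r in rows]

def sample_db():
    """Constructed rows; in-memory SQLite stands in for the forum's MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE phpbb_users (user_id INTEGER PRIMARY KEY, "
               "username TEXT, user_password TEXT, user_level INTEGER)")
    db.executemany("INSERT INTO phpbb_users VALUES (?, ?, ?, ?)", [
        (1, "admin", "0" * 32, ADMIN_LEVEL),  # hash set by the intruder, unknown
        (2, "alice", md5_hex("alice-known-pw"), 0),
        (3, "bob", md5_hex("bob-pw"), 0)])
    db.commit()
    return db
```
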
 
 
Simply create a new account with the desired password. 

Then go into the backend.. copy, paste, done.
KC
Friday, June 17, 2005
 
 
JD,

PunBB has had holes as well, our punbb forum got hacked a couple of months ago.
Tony
Saturday, June 18, 2005
 
 

This topic is archived. No further replies will be accepted.
