»Site got hacked by islamic hackers - above tips don't work.«
|
|||
|
My site got hacked a million times now and in fact, none of the "security tweaks" helped me, even though I have incorporated all of them. The main trouble is that my site got hacked by islamic cyber terrorists and they say that there is a "shell vulnerability" in my phpBB2 site. Now, I asked for support at phpBB2 but they said that it is a problem with the host.. When I asked the host, they said that it is a problem of the developers and programmers... Now, WHO IS RESPONSIBLE FOR THIS? Why is my site getting hacked? My site:  Any help would be greatly appreciated... posted by BoA |
|||
|
|||
| in-my-opinion.orgTechnology, Computers, Science, InternetSoftware by the adminSite got hacked by islamic hackers - above tips don't work. |
|
|||
 BoA: The main trouble is that my site got hacked by islamic cyber terrorists and they say that there is a "shell vulnerability" in my phpBB2 site. Shell Vulnerability doesn't sound like a phpBB issue. I may be mistaken, but it really sounds like a non-phpBB security hole. Did your hoster say it's phpBB's fault or what? posted by knn |
|||
|
|
|||
|
|||
|
I don't know but the host says that they have nothing to do with the problem. That's what they told me: Quote: The problem is not a secure shell as you do not have SSH access, but a vulnerability in your code allow shell_exec($command) and similar problems. Please consider updating/revising your code or checking with the developers of the software you are using for any updates or security patches that you can apply. But the thing is that I DID apply all the patches and fixes...and I run the latest phpBB2...including the tips above.. Second reply: Quote: Our servers do nothing more than parse the php code you have an execute it. If your code allows someone to exploit it, and put their own commands in the shell_exec() function, then the people who designed the code needs to fix this. There are ways to protect against this. It is up to the skill and the motivation of your programmer to make this happen. I do apologize, however, we do not provide custom code support. Help... posted by BoA |
|||
|
|||
|
|||
|
shell_exec() is is not something that is implemented in any phpBB file, as far as I know. Except my backup script. But that script runs only if a password has been set. Maybe someone found out your backup folder AND your password. You should change both then, if you use my backup mod. Moreover I have uploaded now a new phpBB mod with 1 slight security change. posted by knn |
|||
|
|||
 Register Log in |
The time now is 24 May 2012, 23:23 php B.B. |