Sub Menu
Links Menu
Online Users

In total there are 321 users online :: 1 registered, 0 hidden and 320 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Google [Bot] based on users active over the past 60 minutes

Recent Hacking Discussion (continued...)

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Re: Recent Hacking Discussion (continued...)

PostAuthor: rockeiro » Sun Oct 22, 2006 11:21 pm

It IS a local forum on my own server that I can directly access the whole hard drive on and I'm telling you... there's no php.ini in any system path or php program path.

My Security>Info:php says Configuration File (php.ini) Path C:WINDOWS
but it's not there.

Interesting huh?

Maybe that's why this board has been running like a dawg.

I think I'll start with the php.ini-recommended file and see what you guys say need's to be tweaked from there.
Last edited by rockeiro on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
:o
Brazilian Cultural Society of Edmonton http://brased.org
User avatar
rockeiro
Newbie
Newbie
 
Posts: 11
Likes: 0 post
Liked in: 0 post
Joined: Fri Jul 07, 2006 12:05 am
Cash on hand: 0.00

PostAuthor: Michaelo » Thu Oct 26, 2006 1:16 am

Just make sure it's not hidden... after all it is windas... <img>

I will email you a copy you can use if you like...
Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: rockeiro » Thu Oct 26, 2006 8:07 am

That would be helpful.

Thank You.

Discussion moved to new thread in General Discussion: php.ini or lack thereof
Last edited by rockeiro on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
:o
Brazilian Cultural Society of Edmonton http://brased.org
User avatar
rockeiro
Newbie
Newbie
 
Posts: 11
Likes: 0 post
Liked in: 0 post
Joined: Fri Jul 07, 2006 12:05 am
Cash on hand: 0.00

Re: Recent Hacking Discussion (continued...)

PostAuthor: Drop-Forged » Wed Jan 03, 2007 1:26 am

There seems to be an exploit for the kb_constants.php now
http://integramod.com/home/viewtopic.php?p=70059#70059
Last edited by Drop-Forged on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[url=http][img=left]http://www.christiansoldiers.com/Sig/sig.png[/img][/url]
[url=http]Free IntegraMod 141 Themes at webhutch.net[/url]

Drop-Forged
Integra Member
Integra Member
 
Posts: 167
Likes: 0 post
Liked in: 0 post
Joined: Sat Apr 08, 2006 7:07 pm
Cash on hand: 0.00

Re: Recent Hacking Discussion (continued...)

PostAuthor: MWE_001 » Tue Jan 09, 2007 3:39 pm

Hello Drop Forged. Is there anyway without copying another authors word for word, give us the run down here per chance? It seems as though I , not sure about others, have been banned from that site or something. Why I would be is beyond me, I dont have permission to view portal.php on that server.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: Recent Hacking Discussion (continued...)

PostAuthor: Teelk » Tue Jan 09, 2007 5:58 pm

That site's down for some reason.

Basically, the fix is to place...
Code: Select all
if ( !defined('IN_PHPBB') ){   die("Hacking attempt");}
...at the top of each file, after the comment section(the file info section at the top).

Do this to each includes/kb_****.php file.
Last edited by Teelk on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Joined: Tue Mar 14, 2006 5:25 pm
Cash on hand: 0.00
Location: Canada

Re: Recent Hacking Discussion (continued...)

PostAuthor: MWE_001 » Tue Jan 09, 2007 8:10 pm

thx Teelk. I be sure to do that all.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: Recent Hacking Discussion (continued...)

PostAuthor: Frost » Wed Jan 10, 2007 5:42 am

DO NOT DO THESE EDITS I POST, IT IS MERELY A QUESTION


Do you mean to add this on kb_constants.php or all of them?

It wouldn't be

Code: Select all
 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  


In kb_constants.php

and

Code: Select all
 if ( !defined( 'IN_PORTAL' ) )  {       die( "Hacking attempt" );  }  


In all others except kb_constants.php?

[b]Edit]Or I just thought of something else, wouldn't it be safest to do

Code: Select all
 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  else  {       if( !defined('IN_PORTAL') )       {           die('Hacking attempt');           exit;       }  }  

?

Or maybe I should stick to what I'm decent at lol
Last edited by Frost on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[size=99px]PhpBB3 Themes[/url] ]PhpBB3 Development Center[/url] [/size]

Frost
Sr Integra Member
Sr Integra Member
 
Posts: 776
Likes: 0 post
Liked in: 0 post
Joined: Wed Sep 13, 2006 1:04 am
Cash on hand: 0.00
Location: Photoshop CS3

Re: Recent Hacking Discussion (continued...)

PostAuthor: Teelk » Wed Jan 10, 2007 1:48 pm

The Knowledge Base MOD was designed to work with both phpBB and mxBB portal. The definition IN_PORTAL isn't used in phpBB or IM, so it is completely ignored. Placing if( !defined('IN_PHPBB') ) code at the start of the file is enough.

I'd do it to all the includes/kb_****.php files, since none of them have that code.
Last edited by Teelk on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
User avatar
Teelk
Dev Team
Dev Team
 
Posts: 1309
Likes: 0 post
Liked in: 0 post
Joined: Tue Mar 14, 2006 5:25 pm
Cash on hand: 0.00
Location: Canada

Previous

Return to Forum Security

Who is online

Registered users: Google [Bot]

cron