phpBB problem

I keep getting this error on a forum I am administrating. I have tried to locate any anomaly on line 361 of functions.php and even replacing the file with one straight from phpBB.com. To no avail.

[quote]phpBB : Critical Error

Could not open aaa=12;eval(stripslashes($_REQUEST[nigga]));exit();// /…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/tmp template config file

DEBUG MODE

Line : 361
File : functions.php[/quote]

The forum worked fine last night, then POOF, this happened. If someone wants details, just tell me.

[quote=“Corrupt_File”]I keep getting this error on a forum I am administrating. I have tried to locate any anomaly on line 361 of functions.php and even replacing the file with one straight from phpBB.com. To no avail.

[quote]phpBB : Critical Error

Could not open aaa=12;eval(stripslashes($_REQUEST[nigga]));exit();// /…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/tmp template config file

DEBUG MODE

Line : 361
File : functions.php[/quote]

[/quote]

What is on line 361 of functions.php?

[quote] 360: $nav_links['help'] = array (
361:     'url' => append_sid($phpbb_root_path . 'faq.' . $phpEx),
362:     'title' => $lang['FAQ']
[/quote]

Doesn’t appear to have anything to do with the problem here. I am curious about the rather unprofessional naming in the errored script:

… That leads me to believe maybe some sort of e-vandalism.

Yeah, I’m gonna have to say it was hacked…

/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/tmp template config file

Looking at that again, that tells me they are trying to call a config file from /tmp and failing… is this a Windows/Linux server? Either way it doesn’t matter, it’s been compromised… phpBB is really insecure.

The server is a Linux i686. I wonder what kinda shit I am going to have to replace to fix this.

Well, what I would do? Format the server and reinstall… seriously, it looks like they failed but they could have left a backdoor or something.

Format and, if possible, replace phpBB with something more secure… or at least take the footer with the version number out!

Edit: make a backup of the database

mysql -u USER -p DBNAME < dump.sql

What version of phpBB?

It’s important to keep up-to-date with patches.

phpBB is open-source, so it’s pretty secure, and they fix things as soon as they find them, but it’s important to keep it updated.

[quote=“MiG”]What version of phpBB?

phpBB is open-source, so it’s pretty secure, .[/quote]

:laughing: Sorry to nitpick… but you know better than that, Mig.

I have seen a lot of pretty major security flaws for phpBB over this past year; though they are usually fixed pretty fast, I still don’t feel safe about running it.

tinyurl.com/akmu2
secunia.com/search/?search=phpbb

It was .13 I think. Newest was .15 I reckon?
:cry: Lots of work ahead of me now.

[quote=“Corrupt_File”]It was .13 I think. Newest was .15 I reckon?
:cry: Lots of work ahead of me now.[/quote]

It’s not that bad actually: back up your themes folder, do an SQL dump, then format and reinstall. Shouldn’t take more than 2 hours.

Well, there was a lot of stuff on there I wanna salvage. Any ideas on stuff I could replace to fix this? Like, would the posts/PMs/users be transferable?

All of that is stored in the database, so the SQL dump would save that. However, do you have any backups? I’m assuming you don’t? I wouldn’t risk just dumping the .sql file back into the new database. At least comb it over for anything that seems “fishy”.

Other than the database there shouldn’t be anything else on there that could compromise the new server. Do you have any other scripts on there besides phpBB? Anything that executes code? If so it’s going to need to be replaced.

All other files that are dormant and just there to be downloaded should be fine. If you need any configuration files etc., back them up but check them over carefully.
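As an added example (not from the thread, and not phpBB code), a small scanner for the “comb it over for anything fishy” step: it flags lines in a SQL dump or PHP file that carry the injected-code shape seen in the error message above (eval of request input, a run of `../`) or common dropped-backdoor calls. The indicator names, the sample lines and the `cmd` request key are constructed placeholders.

```python
import re

# Indicators worth flagging when combing a SQL dump, the PHP tree or web logs of a
# compromised phpBB 2 install. Patterns are generalised from the error message in
# the thread (code injected into a template path) plus common PHP backdoor idioms.
INDICATORS = {
    "eval_of_request_input": re.compile(
        r"eval\s*\(\s*(?:stripslashes\s*\(\s*)?\$_(?:REQUEST|GET|POST|COOKIE)\[", re.I),
    "path_traversal_run": re.compile(r"(?:\.\./){3,}"),
    "shell_exec_function": re.compile(
        r"\b(?:system|passthru|shell_exec|exec|popen)\s*\(", re.I),
    "encoded_payload": re.compile(r"base64_decode\s*\(", re.I),
}


def scan_lines(lines):
    """Return (line_no, indicator, excerpt) for every indicator matched on each line."""
    hits = []
    for no, line in enumerate(lines, 1):
        for name, rx in INDICATORS.items():
            if rx.search(line):
                hits.append((no, name, line.strip()[:80]))
    return hits


def scan_file(path):
    """Scan a dump or source file; undecodable bytes are replaced rather than skipped."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_lines(fh)


# Constructed sample: two benign lines, then one that mimics the injected template
# path from the error and one that looks like a dropped backdoor (placeholders only).
SAMPLE_LINES = [
    "INSERT INTO phpbb_posts_text VALUES (12, '', 'Has anyone tried the new theme?');",
    "$template->set_filenames(array('body' => 'faq_body.tpl'));",
    "aaa=12;eval(stripslashes($_REQUEST[cmd]));exit();// ../../../../../../tmp",
    "$p = base64_decode($_POST['p']); system($p);",
]

if __name__ == "__main__":
    for no, name, excerpt in scan_lines(SAMPLE_LINES):
        print(f"line {no}: {name}: {excerpt}")
```

Expect false positives in a real dump (post bodies quoting PHP will trip it); the point is a short list of lines to read by hand before the dump is loaded into the rebuilt database.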

Well, I am going to try to make this work. Thanks. I will post if I run into anymore problems.

Well, I got some help on how to fix the problem from phpBB. I need to run this code: [code]<?php

define('IN_PHPBB', true);

// Load the board's own config and constants (table name constants come from here).
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'config.' . $phpEx);
include($phpbb_root_path . 'includes/constants.' . $phpEx);

echo 'phpBB Template Error Fix';
echo "\n";

if( !defined("PHPBB_INSTALLED") )
{
    echo 'Error: phpBB is not Installed!';
    die;
}

if( ($dbms != 'mysql') && ($dbms != 'mysql4') )
{
    echo 'Error: This Fix only works with a MySQL Database';
    die;
}

$db = mysql_connect($dbhost, $dbuser, $dbpasswd);

if(!$db)
{
    echo 'Error: Could not connect to the MySQL Server';
    die;
}

$dbs = mysql_select_db($dbname);

if(!$dbs)
{
    echo 'Error: Could not select Database';
    die;
}

// Re-create the stock subSilver theme record.
$query = "INSERT INTO " . THEMES_TABLE . " (themes_id, template_name, style_name, head_stylesheet, body_background, body_bgcolor, body_text, body_link, body_vlink, body_alink, body_hlink, tr_color1, tr_color2, tr_color3, tr_class1, tr_class2, tr_class3, th_color1, th_color2, th_color3, th_class1, th_class2, th_class3, td_color1, td_color2, td_color3, td_class1, td_class2, td_class3, fontface1, fontface2, fontface3, fontsize1, fontsize2, fontsize3, fontcolor1, fontcolor2, fontcolor3, span_class1, span_class2, span_class3) VALUES (NULL, 'subSilver', 'subSilver', 'subSilver.css', '', 'E5E5E5', '000000', '006699', '5493B4', '', 'DD6900', 'EFEFEF', 'DEE3E7', 'D1D7DC', '', '', '', '98AAB1', '006699', 'FFFFFF', 'cellpic1.gif', 'cellpic3.gif', 'cellpic2.jpg', 'FAFAFA', 'FFFFFF', '', 'row1', 'row2', '', 'Verdana, Arial, Helvetica, sans-serif', 'Trebuchet MS', 'Courier, \'Courier New\', sans-serif', 10, 11, 12, '444444', '006600', 'FFA34F', '', '', '')";
$result = mysql_query($query, $db);

echo 'Inserting New Theme Record: ';

if(!$result)
{
    echo 'FAILED';
    die;
}
else
{
    $theme_id = mysql_insert_id($db);

    echo 'SUCCESS';
}

echo "\n";

// Descriptive names for the theme fields, keyed to the record just inserted.
$query = "INSERT INTO " . THEMES_NAME_TABLE . " (themes_id, tr_color1_name, tr_color2_name, tr_color3_name, tr_class1_name, tr_class2_name, tr_class3_name, th_color1_name, th_color2_name, th_color3_name, th_class1_name, th_class2_name, th_class3_name, td_color1_name, td_color2_name, td_color3_name, td_class1_name, td_class2_name, td_class3_name, fontface1_name, fontface2_name, fontface3_name, fontsize1_name, fontsize2_name, fontsize3_name, fontcolor1_name, fontcolor2_name, fontcolor3_name, span_class1_name, span_class2_name, span_class3_name) VALUES ('" . $theme_id . "', 'The lightest row colour', 'The medium row color', 'The darkest row colour', '', '', '', 'Border round the whole page', 'Outer table border', 'Inner table border', 'Silver gradient picture', 'Blue gradient picture', 'Fade-out gradient on index', 'Background for quote boxes', 'All white areas', '', 'Background for topic posts', '2nd background for topic posts', '', 'Main fonts', 'Additional topic title font', 'Form fonts', 'Smallest font size', 'Medium font size', 'Normal font size (post body etc)', 'Quote & copyright text', 'Code text colour', 'Main table header text colour', '', '', '')";

$result = mysql_query($query, $db);

echo 'Inserting Theme Names For Record: ';

if(!$result)
{
    echo 'FAILED';
}
else
{
    if(mysql_affected_rows($db) == 0)
    {
        echo 'NAMES DATA ALREADY EXISTS';
    }
    else
    {
        echo 'SUCCESS';
    }
}

echo "\n";

// Force every user onto the board default style so a broken per-user style cannot be selected.
$query = "UPDATE " . CONFIG_TABLE . " SET config_value = '1' WHERE config_name = 'override_user_style' LIMIT 1";
$result = mysql_query($query, $db);

echo 'Updating Override User Style: ';

if(!$result)
{
    echo 'FAILED';
}
else
{
    if(mysql_affected_rows($db) == 0)
    {
        echo 'NOT UPDATED';
    }
    else
    {
        echo 'SUCCESS';
    }
}

echo "\n";

// Point the board default style at the freshly inserted theme.
$query = "UPDATE " . CONFIG_TABLE . " SET config_value = '" . $theme_id . "' WHERE config_name = 'default_style' LIMIT 1";
$result = mysql_query($query, $db);

echo 'Changing Default Theme ID: ';

if(!$result)
{
    echo 'FAILED';
}
else
{
    if(mysql_affected_rows($db) == 0)
    {
        echo 'NOT CHANGED';
    }
    else
    {
        echo 'SUCCESS';
    }
}

echo "\n";
echo 'Delete this File from your Server!';
echo "\n";
echo 'For any questions/problems about this script, please visit this Page';
echo "\n";
echo '-phpBB Support Team';

die;

?>[/code]
But how?

This seems to be some sort of upgrade script… place it in your phpBB directory and go to the URL? Not really sure on the specifics.

Maybe I’m stupid: why format the whole server? phpBB shouldn’t be able to access outside its own folder except for the SQL database it’s linked to. The rest of the server should be locked down. Only root should access the rest of the server.
And do tell: what’s a better forum than phpBB2? I haven’t found one yet, but I’d like to hear about some options.

[quote=“herbie_popnecker”]Maybe I’m stupid: why format the whole server? phpBB shouldn’t be able to access outside its own folder except for the SQL database it’s linked to. The rest of the server should be locked down. Only root should access the rest of the server.
And do tell: what’s a better forum than phpBB2? I haven’t found one yet, but I’d like to hear about some options.[/quote]

Well, perhaps my suggestion to format the server was a bit premature.
However, I am paranoid and I don’t like to leave things to chance. Say they got access to the MySQL user account and then the attacker used some sort of privilege escalation flaw… then what? The point is you don’t know what went on on the box once it was compromised, so in my opinion it’s best to start over and do things more securely.

Sorry I cannot suggest any other more secure alternatives to phpBB as I do not run any forums. However the number of serious vulnerabilities would be enough for me to shy away from using it.

I had phpBB2 running at are250.com for about a year and it got hacked. It was version 09 or 10, had wooo like 8 users and 20 posts. Lost all the user data & posts but fixed it easily.
I run UPB in the Fort and it’s been hacked often. WTF’s the point of hacking boards people barely know about? Assholes!