Well I believe there was some script to hack random phpBB sites a while back, so it was probably some 31337 kids being cool…
edit: someone give me a job 
Interesting notes, using latest PhpBB2 and fetchall, I login thru portal.php it sends me to the root folder of the whole server using Explorer. If i use firefox i get "phpBB Fetch All: $phpbb_root_path is wrong and does not point to your forum."
Just a little more informative than useless MSloth…
Also noted that if you enable the confirmation codes on registration (a graphic) it won’t show up on most styles. Returned to subsilver to keep the feature. As well as a double login to the admin panel.
But I’ll leave it alone for awhile, gotta figger out Cistron radius…bleaghh!
If it is so hackable how come htmf hasn;t been hacked. ?
It’s not “hacking” or “hackable”
But yeah, there have been lots of updates on HTMF.
I’m pretty certain our recent defacement was due to a certain script run on another site on the server, though, not on phpBB.
HTMF has been “hacked”.
It just goes to show you that getting lax about updates for ANY part of a server can lead to said server’s compromising.
[quote=“MiG”]It’s not “hacking” or “hackable”
But yeah, there have been lots of updates on HTMF.
I’m pretty certain our recent defacement was due to a certain script run on another site on the server, though, not on phpBB.[/quote]
And thats the point right there if you get to the updates before the hacker gets to hacking you then you are good. phpBB is most likely getting more secure now… well I’d hope so after all the security patches issued but looking at its track record it is by no means a secure piece of software.
Jason its the same reason my windows XP machine without service pack 1 has not been hacked, proper measures have been taken to ensure its security.