Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: rogerd
how can a user register without a POST /phpBB2/profile.php...?
thanks for any help ...
[edited by: engine at 4:53 pm (utc) on Feb. 14, 2005]
[edit reason] TOS [webmasterworld.com] [/edit]
I notice your forums show they're running 2.08, but your post here says 2.011. You should probably double-check to be absolutely sure you don't have the highlight vulnerability issue.
Wow. I'd venture to say that if someone was able to register a user on your phpBB account and there are absolutely no log entries for that time, one of two things happened: either the registrant was able to get direct db access at your server (eg. they came in through another account on a shared server) or they were able to erase the log files to cover their tracks. Either way you could have a security issue that's worth checking into!
Just as a general reminder to anyone running phpBB, if you didn't upgrade to 2.0.11 immediately after the highlight vulnerability became public knowledge (around November 19th, 2004), you really should check your site to make sure no hidden files have been installed. 2.0.11 provides no protection if you already have a backdoor installed!
A friend of mine fixed the highlight vulnerability (by upgrading to 2.0.11) in early December. He only realized two days ago that a backdoor had been installed in the short time-frame that elapsed before he upgraded. Interestingly, the users of the backdoor were completely "stealth", running processes on his server (and adding 27 extra tables to his DB), but in no way did they affect the functionality of his forum.
Again, for anyone who upgraded to 2.0.11 after November, it would be wise to check your site for anything unusual.
You need to take the forum (and probably the rest of the site or even the server) offline and rebuild from a fresh phpBB 2.0.11 package. If it is a shared server, your host will need to look into the problem as well - the attacker could be controlling other sites on the same server, and if there are vulnerable scripts by other users, you're still not out of the woods.
Your database needs to be rebuilt from scratch, and all passwords (including control panel, FTP, email, MySQL database name and password and ALL forum member passwords) need to be changed - once you're ensured that any backdoors have been removed, of course.
Perhaps I should add this: good luck!