Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: rogerd
As I see it, there are three possible explanations to why it could be hacked:
1. I didn't run the latest version, but I updated it manually after each security alert.
2. I switched host only a few days before the attack.
3. I added a mod called "quick reply".
Anyway, does anyone here have similar experience, and how I can prevent this from happening again? Can I blame my new host for not making a secure environment for forums?
phpBB Advanced Quick Reply Mod arbitrary code execution [secunia.com]
Unpatched. Secunia Advisory 1 of 1 in 2002
phpBB Advanced Quick Reply Mod 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical
Another "to-do" on the checklist: search for the security history of any mod you apply.
Where did you get the mod from? Was it from the phpbb.com official mods database, or from an unofficial source?