PDA

View Full Version : Forum Exploit



retarded_archer
14th March 2005, 01:47 PM
"There is a huge exploit going around various PHBB based forums, including video game forums in which you are asked to do something like the following...

"Due to the recent large volume of traffic we've been recieving, we have re-built our site to use a new framework which will speed things up significantly. This new system requires that you download a plugin in order to be able to access our site. Don't worry, this plugin won't harm your computer in any way, it will only enable your browser to communicate with our server more efficiently. You cannot view our site until you've installed this plugin.

Make sure you chose 'run' when asked what you want to do with this file.

Click here to install (147 KB)"

Whatever you do, DO NOT click it since it contains various exploits and back door programs that are harmful to your computer. You can not access the forum even if you download it. It's just a trick to get you to do it, but don't. Revisit the page another time when that is not present."

Sticky Please.

Stephen
14th March 2005, 02:17 PM
Where is your information coming from? I'd like to see a reliable source before I sticky a thread.

White_Hindu
14th March 2005, 04:18 PM
phpBB 2.0.11 fixes the problem. My 2.0.5 board was hacked, but the update(phpbb.com) fixes it.

retarded_archer
14th March 2005, 05:20 PM
http://news.netcraft.com/archives/2004/12/18/php_exploit_enables_theft_of_phpbb_passwords.html

I actually got it from another thread. But I googled it.

Tau
15th March 2005, 10:38 AM
This topic has come up before, from a different angle.

It is an exploit in old versions of phpBB. The answer for the forum admins is to update the forum software.

The answer to this for forum users is to use common sense. Do not click to install anything where you don't know what it is. Also, when confronted by something like that you could always SAVE it rather than RUNNING it (that whole make sure you click Run thing would have made me very suspicious), then google for info on it before running it.

Quite frankly if you possess that little knowledge of system security, or that little common sense, then stickying this thread will be of no help at all because if it isn't one worm/virus/trojan that gets someone it will be another. :/

hypa
15th March 2005, 04:36 PM
Moved to PC....

BLORTH
16th March 2005, 08:58 AM
I don't see why this was moved to PC. It won't be seen there, and it's more important in the GD where everyone can see it. Genius.

If you have a problem with a decision a moderator made take it up with that moderator over PM, do not fill the thread with spam. ~Flocito