phpbb and php security problem

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

User avatar
admin
Site Admin
Site Admin
Posts: 123
Joined: Wed Apr 17, 2002 7:49 am
Location: Rome, Italy
Contact:

phpbb and php security problem

Postby admin » Thu Jul 18, 2002 1:23 am

One of my friends has been attacked today due to lack
of security on php.ini and for an exploit on phpbb forum.


If you are running phpbb forum be sure to delete install.php ,
and if you are on a dedicated server be sure to turn off
allow_url_fopen and register_globals on your /etc/php.ini.

If you are on a shared server you could suggest your host
to turn off allow_url_fopen and register_globals
on your /etc/php.ini.

hope this helps.

User avatar
Oleg Butuzov
Last Samuray
Last Samuray
Posts: 831
Joined: Sun Jun 02, 2002 3:09 am

Postby Oleg Butuzov » Thu Jul 18, 2002 1:38 am

So time ago I cheked this forum to any bugs and all (security) bugs was fixed ...

Garziano - you are realy good admin =)

User avatar
admin
Site Admin
Site Admin
Posts: 123
Joined: Wed Apr 17, 2002 7:49 am
Location: Rome, Italy
Contact:

Postby admin » Thu Jul 18, 2002 11:53 am

Thanks :P

jepetto
New php-forum User
New php-forum User
Posts: 3
Joined: Thu Oct 14, 2004 9:42 am

Postby jepetto » Sat Oct 16, 2004 3:45 am

Hello!
I’m replying this post because I have a problem accessing phpbb from an Internet computer. And I think the problem is "to much security" in php.ini definitions. It’s an inverse security problem :???: .
I already post in support phpbb forum but nobody reply me.

The post I have made is this:
I pretend to install phpbb in a home server.
I can access installation page from any internet computer and everything goes fine. But when I try to log in the page doesn’t appear.

Now, I’m going to explain in details my procedures and what appends.

I unzip the phpbb directly to the server folder (I did this in the server). I don’t know if this is related with the problem.

Next, from a computer in the internet I request the install.php page and (after fill in the form) I click on “Start Install”.
Next, I click on “Finish installation” (after the security procedures).
Everything goes fine until this step.

Next, I request the page login.php (or other else) and the same thing always appends:
-The page seams will open because in the title appears “yourdomain.com”. But this disappears very fast and is shoed a page that says:
"At this moment, the page you request is not available. The web site could be with technical problems or maybe you need to adjust the browser definitions"

So, I think the problem could be the permissions of the php. I use phpbb 2.0.10 and php 4.3.1.

Just one more think:
-the problem that I have with phpbb also happens, for example, when I try to access (from a computer in the internet) a page that shows the php definitions (fortunately).
-In fact I can access the phpbb pages from the server but not from a computer connected through the internet.

I hope that this description could help to resolve the problem.
Thanks



So, what you (or somebody else) think?
Can you help me solving this problem?
Thanks!


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 0 guests

cron