PHPBB Security Back Doors.

Lazarus

Part of the furniture
Joined
Dec 22, 2003
Messages
2,874
Guys,

We bit of PHPBB forum security advice please.

We have a forum powered by the above which was setup by the guy that started the club.

He has now since left the club, but has been left on the board with restricted access. However, it appears he has a "back door" to the forum as he has re-instated himself with full permissions.

We suspect that he had the use "Editor" password which allowed him to do this, so we have changed the password for that user.

However, is there other "back door" techniques out there which would allow someone to have complete acess to the forum?

The memberlist for this forum has been pruned so that only specific members are active - all others have been deleted.
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,362
Have the passwords changed on the database, web hosting, ftp, etc, etc.

It's been a long time since I messed with phpBB but if there's a config setting for usernames with admin access then he may just be adding back his user ID.

If he's doing this via the web, put in a generic login/password .htaccess setting that covers the admin control panel.
 

Lazarus

Part of the furniture
Joined
Dec 22, 2003
Messages
2,874
cheers Meg - ill get those checked out for starters!
 

Users who are viewing this thread

Top Bottom