I'm assuming from the logs they posted, whoever did it backed up the databases before doing whatever else they did. It also appears that the compromise was either public or hacked access to the admin utilities. Maybe there was no http auth setup on /admin? phpBB doc's tell you to do that as part of the installation...
It's sad that people would do this stuff, but being a phpBB admin myself, I know there's been alot of stupid script kiddies going after phpBB sites lately. A board I maintain got hit with false (scripted) new users a couple weeks ago, so I enabled visual conformation (enter what you see in the image while creating accounts), so them someone had the nerve to manually create an account and post a bunch of messages linking to a porn site. I then promptly enabled admin activation of all new users to go along with the visual conformation. :) PS, anyone running phpBB should use sourceforge's release monitoring and watch for new versions. I have a habit of upgrading the same day new security fixes come out, just to stay safe... Cecil / Dale: I'll be glad to help in any way I can... -Kenneth
_______________________________________________ mythtv-users mailing list [email protected] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
