Jump to content

Phpbb Account Hacked


Honeymoon
 Share

Recommended Posts

I host a phpBB forum on my site and recently someone accessed the account of one of my members without permission. The IP was logged by phpBB and also by my site logs from TCH.

 

It seems a password was guessed or hacked. Obviously I am unhappy about this. Can I take any action against the person responsible?

Link to comment
Share on other sites

welcome to the forum Honeymoon :)

 

It depends if you can find out who they really are. for example if that is their real IP address, and where in the world they are.

 

Number one priority, to be honest, is to ensure your scripts are fully uptodate, and passwords secure.

Link to comment
Share on other sites

welcome to the forum Honeymoon :)

 

It depends if you can find out who they really are. for example if that is their real IP address, and where in the world they are.

 

Number one priority, to be honest, is to ensure your scripts are fully uptodate, and passwords secure.

 

Thanks for the welcome Andy. I totally agree regarding the number one priority. My own passwords etc are secure and I have advised my forum members to have secure passwords. That is all I can do.

 

I have an IP which I believe to be real. It is a broadband provider in the UK, where I myself live, and unlikely to be a proxy. Private areas of the forum were accessed and private information from them was retrieved by the hacker.

Link to comment
Share on other sites

And just to reiterate...aside from making sure passwords are secure, you really need to keep up with any updates to phpbb as soon as they are released. phpbb seems to be a common target for hacks. I believe that when you log in as admin on phpbb, it will tell you if there are any updates available at the bottom of the page.

 

Good luck getting to the bottom of this.

Link to comment
Share on other sites

  • 2 months later...

SMF, like a lot of big forum scripts, limits the amount of failed log ins an IP can make before banning them. I believe phpBB 3 (Olympus) has this feature but is still at RC1. Most now also let you set a security level on the password they put in to make sure they are secure.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...