phpBB becoming self-conscious
This is a discussion on phpBB becoming self-conscious within the PHP Language forums, part of the PHP Programming Forums category; Hi, everybody, Rather strange thing occured to my phpBB forum. Out of nowhere I got a user with user_id=99999, ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-24-2005
|
|||
|
|||
phpBB becoming self-conscious
Hi, everybody,
Rather strange thing occured to my phpBB forum. Out of nowhere I got a user with user_id=99999, user_regdate=0 (UNIX timestamp, so regdate would be "01. 01. 1970. (01:00:00)"), and user_last_visited=0. No admin created that user, and I amy only one having direct access to the MySQL base. WTF??? How can this happen? New user with totaly strange properties just poped out of the blue? Such things just don't happen... has anybody any reasonable explanation? If the forum is hacked, then why that user isn't forum admin? Why bother hacking forum just to add awkward user and do nothing with it? Here's the "select * from phpbb_users where user_id=99999;": user_id=99999 user_active=1 username=ze3lock user_password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx user_session_time=0 user_session_page=0 user_lastvisit=0 user_regdate=0 user_level=1 user_posts=0 user_timezone=0.00 user_style=NULL user_lang=NULL user_dateformat=d M Y H:i user_new_privmsg=0 user_unread_privmsg=0 user_last_privmsg=0 user_emailtime=NULL user_viewemail=NULL user_attachsig=NULL user_allowhtml=1 user_allowbbcode=1 user_allowsmile=1 user_allowavatar=1 user_allow_pm=1 user_allow_viewonline=1 user_notify=1 user_notify_pm=0 user_popup_pm=0 user_rank=0 user_avatar=NULL user_avatar_type=0 user_email=NULL user_icq=NULL user_website=NULL user_from=NULL user_sig=NULL user_sig_bbcode_uid=NULL user_aim=NULL user_yim=NULL user_msnm=NULL user_occ=NULL user_interests=NULL user_actkey=NULL user_newpasswd=NULL What do I do? The other forum admin says that's the second time this happens, first time he just deleted the user not mentioning this to me... -- "Now the storm has passed over me I'm left to drift on a dead calm sea And watch her forever through the cracks in the beams Nailed across the doorways of the bedrooms of my dreams" 
|
|
01-24-2005
|
|||
|
|||
|
Re: phpBB becoming self-conscious
Nikola Skoric wrote:
[snip] > user_id=99999 > user_active=1 > username=ze3lock A google search on this username would have quickly led you to several notifications of the phpBB security hole which was found and patched a couple months ago. You should at a minimum remove the user account and upgrade to phpBB 2.0.11 immediately. http://www.securiteam.com/unixfocus/6Z00R2ABPY.html http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=244451 -- brion vibber (brion @ pobox.com)
|
|
01-25-2005
|
|||
|
|||
|
Re: phpBB becoming self-conscious
Dana Mon, 24 Jan 2005 03:47:39 -0800
Brion Vibber (brion@pobox.com) kaze... > Nikola Skoric wrote: > [snip] > > user_id=99999 > > user_active=1 > > username=ze3lock > > A google search on this username would have quickly led you I'm terribly embarassed. Thank you for the info... -- "Now the storm has passed over me I'm left to drift on a dead calm sea And watch her forever through the cracks in the beams Nailed across the doorways of the bedrooms of my dreams"
|
Linear Mode
