phpbb hacked, any ideas?

Discussion in 'Web Design and Development' started by eclipse, Nov 8, 2008.

  1. eclipse macrumors 6502a


    Nov 18, 2005
    Hi all,
    I hope it wasn't something I did. I used only official phpbb themes.

    Anyway, I clicked on the group's bb this morning only to find the following message.

    Any ideas what has happened and how I can avoid it in future? I'm such a newb!:eek:
  2. Cromulent macrumors 603


    Oct 2, 2006
    The Land of Hope and Glory
    phpBB is regularly hacked. It is one of the most vulnerable forum scripts available simply because it is used so much.

    Not much you can do other than make sure your server is properly hardened and you have done all you can to protect the config file (if there is one, been a while since I used phpBB).
  3. eclipse thread starter macrumors 6502a


    Nov 18, 2005
    I'm confused, is phpbb_config an actual file name in phpbb, or is it a line of code somewhere? (Feeling newb again). :eek:
  4. angelwatt Moderator emeritus


    Aug 16, 2005
    Just from doing some Google, it looks like phpbb_config is a table name in the database. The error message you provided before says there's a database named beyondfed, have you created that database? I couldn't find anything by that name online, which is why I'm wondering.

    I found this thread where someone had the same exact error message, but for a different database name. On that thread the issue was related to the install not being completed properly.
  5. mshepherd macrumors regular

    Feb 29, 2004
    phpBB 3 is not regularly hacked. If you are using an older version you are more prone.
  6. mikeyr0x macrumors member

    Oct 24, 2008
    Check with your host and see if they have a good backup of your site that is intact. If they do, then ask them to restore it and upgrade to the newest phbb version immediately afterward.
  7. SrWebDeveloper macrumors 68000


    Dec 7, 2007
    Alexandria, VA, USA
    I am experienced at forum setup including phpBB and vB.

    Yes it is possible you got hacked, the usual culprit with any phpBB is SQL injection, since it's open source developed and many third party hacks are not standardized:


    It is technically possible to delete tables using SQL injection due to a combination of insecure PHP code and insecure database privileges for the user being granted access to that database in the connect string.

    So here's what you do after your forum is back online running the latest stable version:

    1) Immediately change the username and password to access the DB
    2) Make sure the phpBB file storing that information is chmod 644
    3) Visit the official phpBB bug tracker and upgrade/resolve all issues for your version
    4) Only hack using officially approved hacks at as they are tested/better written than those linked to third party sites from the phpBB community help forum.


Share This Page