November 17, 2006, 06:58:48 PM

Post by: Techie-Micheal on November 17, 2006, 06:58:48 PM

Problem: phpBB displays "Powered by phpBB 'version'" at the bottom of each page. This allows an individual to search Google, or any other Search Engine, for all domains/websites that are running specific older versions of phpBB -- which are known to have vulnerabilities and exploits.

phpBB hasn't displayed the version number at the bottom for quite some time. If it does, it means phpBB hasn't been updated properly.

Solution: Update phpBB version string to '2.x.x'.


Log in to MySQL. Enter SQL query...
REPLACE INTO phpbb2.phpbb_config (config_name, config_value) VALUES('version', '.x.x');

Doing this will break the update notification in the admin panel, and is unnecessary since phpBB doesn't display the version number in the footer. It also harms the Support Team when someone asks for help and doesn't know what version they are running.

Just an FYI.

Support Team Leader, phpBB
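
Added example (not part of the original posts, and not phpBB code): a way to check your own board's rendered pages for the version-in-footer symptom described above, without touching the `version` row in the config table. The function names and the sample footer markup are constructed for illustration.

```python
import html
import re

# "Powered by phpBB" optionally followed by a dotted version (2.0.11, 2.x.x),
# matched against text with the HTML tags already stripped.
_FOOTER = re.compile(r"Powered\s+by\s+phpBB\s*(\d+(?:\.\w+)+)?", re.IGNORECASE)
_TAG = re.compile(r"<[^>]+>")


def visible_text(page_html):
    """Strip tags and decode entities so the footer reads as a visitor sees it."""
    text = _TAG.sub(" ", page_html)
    return re.sub(r"\s+", " ", html.unescape(text)).strip()


def footer_version(page_html):
    """Version shown after the credit, '' if the credit has no version,
    or None if the page carries no 'Powered by phpBB' credit at all."""
    match = _FOOTER.search(visible_text(page_html))
    if match is None:
        return None
    return match.group(1) or ""


def audit(pages):
    """Return {page name: finding} for a {page name: html} dict of your own pages."""
    findings = {}
    for name, page_html in pages.items():
        version = footer_version(page_html)
        if version is None:
            findings[name] = "no phpBB credit found"
        elif version:
            findings[name] = "footer discloses version " + version
        else:
            findings[name] = "credit present, no version shown"
    return findings


# Constructed sample footers (assumed markup, not copied from a phpBB release).
SAMPLES = {
    "old_board": 'Powered by <a href="http://www.phpbb.com/">phpBB</a> 2.0.11 &copy; 2001, 2005 phpBB Group',
    "current_board": 'Powered by <a href="http://www.phpbb.com/">phpBB</a> &copy; 2001, 2006 phpBB Group',
    "other_site": "<p>Welcome to my home page</p>",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(name, "->", finding)
```

A "footer discloses version" finding points at an install or template that was not updated properly, which is the thing to fix.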

Post by: admin on November 17, 2006, 11:45:42 PM
Maybe around version 2.0.12/15? I just never really got to updating that Guide.
I've removed that section and have added new info.

Now if only someone could tell me why all lines that start with a '#' in quotes/code are not being displayed after a backup I did some time ago, and why my mysqldumps of phpbb data after MySQL 4.0 -> 4.1 upgrade are now only half the size of the backup I get via phpBB's admin interface, I would be set.

Post by: majika on February 04, 2007, 10:49:11 PM
Yep, Techie-Micheal has a point. It's easier for would-be hackers/script kiddies to get a foothold into vuln systems, which can easily be found through Google using simple search queries like (Examples)
inurl:service.pwd or inurl:userlist or intitle:"Index of" php.cgi or "index of" / lck
See what that brings up. There is one I know that is for this exact vuln but won't post it here!

But you get the point: anything that you can remove from the installation package that can be indexed from the outside world, like Google bots (and others), remove it, or simply put, lose it! And it's not just Google bots you have to worry about; there is a whole host of similar SEs that you can do this trick on...