I am running a phpBB portal, and I found this in the .htaccess file. I'm guessing it helps protect against some naughty things. Just pop this into your .htaccess file in the main forum/portal root:

    # mod_rewrite must be enabled for the rules below to take effect
    RewriteEngine On

    # prevent access from santy webworm a-e
    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
    RewriteCond %{QUERY_STRING} ^(.*)rush=\%65\%63\%68 [OR]
    RewriteCond %{QUERY_STRING} ^(.*)rush=echo [OR]
    RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)union(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)UNION(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)alert\(document(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)SQL_INJECTION(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)wget\%20
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]

    # prevent pre php 4.3.10 bug
    RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]

    # prevent perl user agent (most often used by santy)
    RewriteCond %{HTTP_USER_AGENT} ^lwp.* [NC]
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]
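To see what these conditions match before deploying them, the Python sketch below re-applies the posted patterns to a few constructed requests and reports which rule set would redirect each one. It is an added example, not part of the original post: `blocked_by`, `audit` and the sample requests are hypothetical, and Python's `re` stands in for mod_rewrite's regex matching.

```python
import re

# Patterns copied from the posted .htaccess (QUERY_STRING conditions joined by [OR]).
QUERY_PATTERNS = [
    r"^(.*)highlight=\%2527", r"^(.*)rush=\%65\%63\%68", r"^(.*)rush=echo",
    r"^(.*)echr(.*)", r"^(.*)esystem(.*)", r"^(.*)union(.*)", r"^(.*)UNION(.*)",
    r"^(.*)alert\(document(.*)", r"^(.*)SQL_INJECTION(.*)", r"^(.*)wget\%20",
]
COOKIE_PATTERN = r"s:(.*):\%22test1\%22\%3b"  # test string in the post is "<cookie>%"
AGENT_PATTERN = r"^lwp.*"                     # carries [NC] in the post


def blocked_by(query="", cookie="", agent=""):
    """Return which rule set would redirect the request, or None if it passes.

    mod_rewrite sees the raw, still percent-encoded query string, so the
    patterns are applied to the undecoded value here as well.
    """
    for pattern in QUERY_PATTERNS:
        if re.search(pattern, query):
            return "query:" + pattern
    if re.search(COOKIE_PATTERN, cookie + "%"):
        return "cookie"
    if re.search(AGENT_PATTERN, agent, re.IGNORECASE):
        return "agent"
    return None


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    ("normal topic view", dict(query="t=42&highlight=backup", agent="Mozilla/5.0")),
    ("string the first rule targets", dict(query="t=42&highlight=%2527")),
    ("search for 'credit union'", dict(query="search_keywords=credit+union")),
    ("search for 'reunion photos'", dict(query="search_keywords=reunion+photos")),
    ("in-house Perl health check", dict(query="", agent="LWP::Simple/5.805")),
]


def audit(samples=SAMPLES):
    """Return (label, matching rule or None) for every sample request."""
    return [(label, blocked_by(**request)) for label, request in samples]


if __name__ == "__main__":
    for label, verdict in audit():
        print(f"{label:32} -> {verdict or 'allowed'}")
```

The two search samples show the cost of the bare `union` substring rule: ordinary forum searches are redirected to 127.0.0.1 along with the traffic the rule was written for.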
There are other things you can do to protect your PHPBB. A good thing you can do is replace the "Powered by PHPBB" with an image version. It was how the worms (for which that .htaccess was needed) found the forums. It is also how script kiddies find unpatched PHPBBs using Google. You can also relocate your admin folder.
Should that script also work in phpnuke?? Sorry, I'm a reaaaaaaly nooob at .htaccess and server-like things...
The best protection for phpBB forums these days is to convert to vBulletin or SMF. Their so-called "development team" has been taken over by teenagers, as far as I can tell. The current idea of support is a mish-mash of conflicting and version 2/version 3 hybrid patches. My prediction is that version 3 will never actually be released or by the time it finally is their user base will have evaporated. That's what happens when you base a marketing and development strategy on the Betamax and then staff your team with high school kids studying for their midterm exams and getting high at the sock hop. Signed, a disgruntled ex-phpBB fan.
Even if that is the case, I don't think it's right to assume that their issues stem from having some teenagers on staff. UseBB is created and run by a teen and it's quite good. That said, you're probably right about the fate of version 3.
You're right. I'm not trying to insult teens. I'm really just saying the phpBB team doesn't seem to know what the hell they're doing any more. They're probably pre-teens
Hehe. So true.... I would love to be an ex-fan of phpBB, but I am just too afraid to learn new templating systems.
Well, I guess you're all right here. I do want to convert to vB, but that €160 prevents me from doing that (I don't have that money.....)
SedNaX, try Simple Machines (SMF): http://www.simplemachines.org/ It is free (open source) and offers many of the features/benefits of vBulletin plus a few of its own. Well constructed software, good support. And the conversion from your phpBB forum is smooth and easy.
I also have started using MyBB, which is very interesting and has some great features. It's imho the closest you can get to VB for FREE. It's also a growing project and doing very well. It utilizes some excellent features like caching, reputation, and user control panel. Check it out BEFORE you go to VB. http://www.mybboard.org It also has a phpBB converter. Create a subdomain like test.yourdomain.com and do an install and conversion... see if you like it.
Hmm, this looks like a really good one. I've heard of it once but never went to their site. I'll try it out when I'm done removing phpnuke (with that horrible bbtonuke forum that's 2 updates behind phpBB and has couuuntless bugs)! labrocca: the link is down?
I now have two active forums using SMF if you want to see some live demos with a bit of customization: http://forum.psychlinks.ca http://www.bandofgonzos.com