Recently my ad_network_ads.txt file on a phpbb forum was hacked. The webhost made the file unwritable which of course dropped all the coop ads. I'm curious to see if anyone has had this happen before and what was done to resolve the situation. Could all this have been prevented if I was more timely updating from 2.19 to 2.20?
What do you mean the .txt file was "hacked" exactly? It sounds to me like phpBB was hacked, and then they edited the .txt file because of that.
You're probably right - All I know is that my control panel had 2 ad_network_ads.txt files and one of them said (hack removed). I can no longer chmod the .txt file (and it's no longer writable). I'm just wondering how unique my experience is and if anyone has faced it before, I could use some advice.
Interesting I was wondering if the .txt could be a problem. What was the contents? Are you saying someone just broke co-op by changing its permission or managed to execute something from it? Either way Shawn will want/need to know. Rob
My host still hasb't told me what they removed but if they had to intervene I guess they were able to execute something. It was 666, not 777 though...
Hi Jim, I think they put something in the file, changed its permissions to read only so its not overwritten. Each time a page is shown the .txt contents got executed via the 260 echo, they may have edited that file too - bit late for me to play and see. Its just a guess - looks like nothing wrong with co-op files - you were hacked beforehand and they used this as the delivery method. I wonder if theres a way to You log files may have some interesting tit-bits. Rob.
Well I'm in over my head here, so I hired someone to check things out. If he finds anything I'll report back.
The guy I hired said that's possible but if phpbb were hacked the hackers would normally do a lot more than rewrite the ads.txt file. He also suggested that maybe the Admins from the web hosting company just screwed up and there never was any hack...
PhpBB has had its share of vulnerability in the past few months, however what version of phpBB were you using. Would it be possible to upload http access logs?