I find a number of users get to my site with the following search string: Are they looking for a weakness in phpbb2 so that they can hack it? I did have a minor hack on my site a week or so back, but fixed this and installed the latest phpbb2 code. Anyone else getting this sort of query, or have any idea what it is about?
The only sites I have had hacked were phpnuke sites. They had a bot hitting the phpNuke Search form and got login information (encrypted password) and then did SQL injection and put their logo on my site and did redirects to their "ha-ha we hacked you" site in Turkey. I moved /admin.php to /abcxyz/admin.php which has worked so far. What are they doing to hack phpBB? Any remedial fixes like my hiding the admin page?
I don't know what they are planning, or even if there is a weakness there, I just had a high number of referrals of this search term!
There are several PHPBB2 scripts out there; it is most probably script kiddies, so not too much to worry about. Just keep your forums updated and you should be fine. As for SMF, yes it is more secure statistically, just remember there are more people using phpbb at the moment (so more people can get hacked = more publicity) so as SMF increases in popularity, more hacks will become available for it and it will become a bigger target for our lil script kiddies. Hope this helps, Regards, Chris Allen Technical Director UK National Networks LTD
That is a ridiculous statement. Any script can be hacked regardless of encryption or not. Hackers do not have to know what's in the script code as such. All they need to know is that if they try various methods of attacks and suspect queries, the script will execute one of them enough to allow them to exploit it to their advantage.
I have been studying security vulnerabilities of different software, including bulletin boards, and I can say that earlier versions of PHPBB contain a number of serious flaws that can lead to many problems; you may get a deface or even worse. It is also widely used by script kiddies who know next to nothing in programming and are hardly capable of anything but copy&paste. Yes, I agree that PHPBB is known as insecure, but I don't think it really is - they have official bugtraq and release patches very quickly (usually within 24 hours), which means if you keep up with the updates you are unlikely to get your board hacked. As for SMF, so far I haven't heard of any serious flaws, but they are much slower to respond to bug reports and earlier versions do contain XSS vulnerabilities. In fact I'm sure there's no 100% bug-free software, be it paid or free.