By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,510 Members | 1,153 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,510 IT Pros & Developers. It's quick & easy.

phpBB becoming self-conscious

P: n/a
Hi, everybody,

Rather strange thing occured to my phpBB forum. Out of nowhere I got a
user with user_id=99999, user_regdate=0 (UNIX timestamp, so regdate
would be "01. 01. 1970. (01:00:00)"), and user_last_visited=0. No admin
created that user, and I amy only one having direct access to the MySQL
base. WTF??? How can this happen? New user with totaly strange
properties just poped out of the blue? Such things just don't happen...
has anybody any reasonable explanation? If the forum is hacked, then why
that user isn't forum admin? Why bother hacking forum just to add
awkward user and do nothing with it? Here's the "select * from
phpbb_users where user_id=99999;":

user_id=99999
user_active=1
username=ze3lock
user_password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
user_session_time=0
user_session_page=0
user_lastvisit=0
user_regdate=0
user_level=1
user_posts=0
user_timezone=0.00
user_style=NULL
user_lang=NULL
user_dateformat=d M Y H:i
user_new_privmsg=0
user_unread_privmsg=0
user_last_privmsg=0
user_emailtime=NULL
user_viewemail=NULL
user_attachsig=NULL
user_allowhtml=1
user_allowbbcode=1
user_allowsmile=1
user_allowavatar=1
user_allow_pm=1
user_allow_viewonline=1
user_notify=1
user_notify_pm=0
user_popup_pm=0
user_rank=0
user_avatar=NULL
user_avatar_type=0
user_email=NULL
user_icq=NULL
user_website=NULL
user_from=NULL
user_sig=NULL
user_sig_bbcode_uid=NULL
user_aim=NULL
user_yim=NULL
user_msnm=NULL
user_occ=NULL
user_interests=NULL
user_actkey=NULL
user_newpasswd=NULL

What do I do? The other forum admin says that's the second time this
happens, first time he just deleted the user not mentioning this to
me...

--
"Now the storm has passed over me
I'm left to drift on a dead calm sea
And watch her forever through the cracks in the beams
Nailed across the doorways of the bedrooms of my dreams"
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Nikola Skoric wrote:
[snip]
user_id=99999
user_active=1
username=ze3lock


A google search on this username would have quickly led you to several
notifications of the phpBB security hole which was found and patched a
couple months ago.

You should at a minimum remove the user account and upgrade to phpBB
2.0.11 immediately.

http://www.securiteam.com/unixfocus/6Z00R2ABPY.html
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=244451

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #2

P: n/a
Dana Mon, 24 Jan 2005 03:47:39 -0800
Brion Vibber (br***@pobox.com) kaze...
Nikola Skoric wrote:
[snip]
user_id=99999
user_active=1
username=ze3lock


A google search on this username would have quickly led you


I'm terribly embarassed. Thank you for the info...

--
"Now the storm has passed over me
I'm left to drift on a dead calm sea
And watch her forever through the cracks in the beams
Nailed across the doorways of the bedrooms of my dreams"
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.