
phpBB vulnerability? Have you seen this?

Discussion in 'General Discussion' started by wa4fat, Jun 27, 2005.

  1. wa4fat

    Hello

    There is apparently some sort of phpBB vulnerability that I'm unaware of ... sigh -- and I'm hoping some of you may have already encountered this.

    Here's the deal:

    The CPU on one of my servers was maxed out by the following:

    mod_security: Access denied with code 403. Error parsing multipart parameters: Error normalizing parameter value: (null) [hostname "www.washers.org"] [uri "/forum/admin/admin_db_utilities.php?sid=861013d3421a11aa3d0c37a75eff775c"]

    ... from some dip in an 84 IP block.

    Killing the ._sesss process fixed the CPU overload, but I'd like to prevent this from occurring again in the future.

    Has anyone else seen this?

    --- This particular server is running PHP 4.3.11 and the phpBB in question is running 2.0.4

    Thanks so much in advance!

    -- Bill
     
  2. AndyReed

    You need to upgrade phpBB to the latest version, phpBB 2.0.15. The latest release is 2.0.16, but it might not be in cPanel yet.
     
  3. gpreston

    phpBB 2.0.4 is an EXTREMELY vulnerable product. You need to immediately upgrade the phpBB install to the newest version available.
     
  4. wa4fat

    Thanks for the thoughtful replies!

    I *foolishly* assumed that cPanel would keep this application updated ... sigh.
     
  5. gpreston

    I don't believe cPanel will auto-update phpBB, because people can mod their install, in which case the auto-update will break the install. It has to be run by hand via the cPanel GUI. And if the phpBB install has been modified, the upgrades will need to be done by hand.
     
  6. raikd

    phpBB upgrade?

    When will phpBB 2.0.16 be available for upgrade through cpanelX?
     
  7. webignition

  8. Spiral

    There are only a few items changed from phpBB2 2.0.15 to 2.0.16 ....

    I simply went into the installer for phpBB2 under cPanel and updated the appropriate files.

    Presto! All new installs of phpBB2 from cPanel are now 2.0.16!
     
