phpBB vulnerability? Have you seen this?

wa4fat

Well-Known Member
Dec 30, 2001
Hello

There is apparently some sort of phpBB vulnerability that I'm unaware of ... sigh -- and I'm hoping some of you may have already encountered this.

Here's the deal:

One of my servers' CPUs was maxed out by the following:

mod_security: Access denied with code 403. Error parsing multipart parameters: Error normalizing parameter value: (null) [hostname "www.washers.org"] [uri "/forum/admin/admin_db_utilities.php?sid=861013d3421a11aa3d0c37a75eff775c"]

... from some dip in an 84 IP block.

Killing the ._sesss process fixed the CPU overload, but I'd like to prevent this from occurring again in the future.

Has anyone else seen this?

--- This particular server is running PHP 4.3.11 and the phpBB in question is running 2.0.4

Thanks so much in advance!

-- Bill
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
Minneapolis, MN
You need to upgrade phpBB to the latest version, phpBB 2.0.15. The latest release is 2.0.16, but it might not be in cPanel yet.
 

wa4fat

Well-Known Member
Dec 30, 2001
Thanks for the thoughtful replies!

I *foolishly* assumed that cPanel would keep this application updated ... sigh.
 

gpreston

Well-Known Member
Jan 31, 2004
West Chester, PA
I don't believe cPanel will auto-update phpBB because of the fact that people can mod their install, in which case the auto-update will break the install. It has to be run by hand via the cPanel GUI. And in the case that the phpBB install has been modified, the upgrades will need to be done by hand.
 

raikd

Member
Jun 25, 2005
phpBB upgrade?

When will phpBB 2.0.16 be available for upgrade through cpanelX?
 

Spiral

BANNED
Jun 24, 2005
There are only a few items changed from phpBB2 2.0.15 to 2.0.16 ....

I simply went into the installer for phpBB2 under cPanel and
updated the appropriate files.

Presto! All new installs of phpBB2 from cPanel are now 2.0.16!