PHPBB is a pain
The Pictorialis Forums have been hacked beyond repair. The hackers have left a message that says that the data is intact and can be restored but I refuse to ask them to do so or pay them in return. From what I gather, the database was modified to stuff the data into table overhead and out of the tables.
I realize that a lot of information (and a lot of hard work from users/programmers) on and about Pictorialis used to be on those forums and I would like to restore them from my last backup (from about 3 weeks ago) which I think I can do. This will take some time and the forums might not be up for some time. I apologize for the inconvenience.
I have received a lot of good advice from PHPBB admins. I concede that I had not upgraded in the past few months and was unaware that such a serious flaw existed that I had not patched. If I do manage to rescue the forums, I will migrate them over to BBPress when I get a chance and some time to script the imports. I am quite disillusioned with PHPBB. As a word of warning to others in the same boat, please make sure you upgrade to the latest every so often.
[EDIT] Forums are back up from a May 2nd backup and the latest and greatest of PHPBB. *whew*













phpBB - Cautionary tale
“The Pictorialis Forums have been hacked beyond repair. The hackers have left a message that says that the data is intact and can be restored but I refuse to ask them to do so or pay them in return. From what I gather, the database was modified …
Thanks for the advice, I hadn’t upgraded for months either. Hope you get it all working again.
The best thing that the 2.0 branch has had [since .14] is notice that your install is out-of-date on the Admin Panel. That’s a God-send.
This is of course possible with any online software that you use; it just happens that phpBB is a big target, and as it is such a large codebase these days, hackers on a semi-regular basis find holes to exploit. You really do need to upgrade, upgrade, upgrade! All such projects should be responsible though and offer an “announce” mailing list that you can subscribe to and be notified of new releases, so it is a push and not a pull.
When something does go awry though, there is a lot to be said for nightly backups. If your host doesn’t do nightly backups for you then I’d suggest looking elsewhere (you can of course set them up yourself if you have shell or Cpanel access, but IMO hosts should do backups for you), or if you are hosting your site yourself, set up a job to back up your database(s), gzip them and email them to a gmail account or somewhere. There are plenty of scripts out there that do that.
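The nightly job suggested in the comment above (dump the database, gzip it, keep several copies), as an added example that is not from the original post or its commenters. `DB_NAME`, `BACKUP_DIR`, `KEEP` and the credentials file path are assumed values, and the off-site copy (e-mail or otherwise) is left to whatever transport you already use.

```shell
#!/bin/sh
# Added example (not from the original post). DB_NAME, BACKUP_DIR, KEEP and the
# credentials file path are assumed values; adjust them for your install.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/forum}"
KEEP="${KEEP:-14}"            # nightly archives to retain
DB_NAME="${DB_NAME:-forum_db}"

# Credentials come from a mode-600 option file, not the command line,
# so the password never shows up in the process list.
dump_db() {
    mysqldump --defaults-extra-file="$HOME/.forum-backup.cnf" \
              --single-transaction "$DB_NAME"
}

# Dump, compress and verify; prints the archive path on success.
backup_db() (
    stamp="${1:-$(date +%Y%m%d-%H%M%S)}"
    out="$BACKUP_DIR/forum-$stamp.sql.gz"
    tmp="$BACKUP_DIR/.forum-$stamp.sql"   # dotfile: invisible to prune_backups
    umask 077
    mkdir -p "$BACKUP_DIR" || exit 1
    # Dump to a file first so a failed dump is not masked by gzip succeeding.
    dump_db > "$tmp" || { rm -f "$tmp"; exit 1; }
    # An empty dump is a failure, not a backup.
    [ -s "$tmp" ] || { rm -f "$tmp"; exit 1; }
    gzip -9 "$tmp" && gzip -t "$tmp.gz" || { rm -f "$tmp" "$tmp.gz"; exit 1; }
    mv "$tmp.gz" "$out" || exit 1
    cd "$BACKUP_DIR" || exit 1
    sha256sum "forum-$stamp.sql.gz" > "forum-$stamp.sql.gz.sha256" || exit 1
    echo "$out"
)

# Remove all but the newest $KEEP archives (timestamped names sort by age).
prune_backups() {
    ls -1 "$BACKUP_DIR"/forum-*.sql.gz 2>/dev/null | sort -r |
        tail -n +"$((KEEP + 1))" |
        while read -r old; do rm -f "$old" "$old.sha256"; done
}

# Check a stored archive against its checksum before trusting it for a restore.
verify_backup() (
    cd "$(dirname "$1")" || exit 1
    sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 &&
        gzip -t "$(basename "$1")"
)
```

From cron, call `backup_db && prune_backups` so old archives are only pruned after a new one has been written and verified.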
Just to be curious, what version of phpbb2 was it? Did you patch regularly? I also had a phpbb2 hacked, and as a result my server’s 100Mb/s was used to ping flood some dude for a couple of hours a few months ago …
Backups are also very hard to do when the total size of your databases backed up exceeds 4 Gigs.
Last patch was a little over 3 months ago when the awstats scare was rampant. Did not patch for the santy worm.
This is why we all use IPB.
Is that 4GB gzipped (heck, you’d want to look at BZ2 for a dump that big)? Database backups as a general rule compress extremely well… Also, for a database that big I would look at some solution for incremental backups, like month to date with a regular full backup.
Why not shift over to Simple Machines Forum?
That’s just bad luck. Good luck on your new forums.
Data Ransom, A Trend?
I was reading this article on hackers locking files and demanding ransom for unlocking it, which somehow eerily reminds me of this recent post I’ve read on Weblog Tools Collection. At the time of the hack, this was how the Pictorialis Forums loo…
PunBB is also rather nice. It’s released under the GPL and runs on PHP. And, it outputs valid XHTML to boot :).
> All such projects should be responsible though and offer an
> “announce” mailing list that you can subscribe to and be notified of
> new releases so it is a push and not a pull.
Which is exactly what phpBB has done several months ago (read the announcement from December): http://www.phpbb.com/phpBB/viewtopic.php?t=249416
Simple Machines is an excellent forum service that includes on their administration panel an RSS feed that provides you with the notice that there are updates available, and a package manager that lets you download directly from their site and install it. The ultimate in lazy, perhaps, but since you probably go in the administration section frequently, it makes a lot of sense. Highly recommended.
[...] 1 A while back, this post appeared on Weblog Tools Collection. If you have been [...]
PhpBB is a pain!?
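A while back, this post appeared on Weblog Tools Collection.
Anyone who has been reading this blog for a while has probably also seen the phpBB version update notices.
Among the various forum systems, phpBB is one of the better performers, and among sites worldwide …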
Hello !
Sorry to bother you. I found this forum when looking through google for forums to use. I need
to install a forum on my website but I cannot find where it is sold.
Where did you get this one?
Thanks for any assistance.
I'm new here at the forum, just wanted to say hello
Samantha