SSH Commands


For the basics in linux shell


Check for vulnerable / exploitable / hackable phpBB forums

A while back someone found an exploit in the bbcode.php file of phpBB forums that allowed hackers full access to the server. Popular control panels such as cPanel used to come with phpBB built in, and unless server administrators manually updated the scripts by running a forced cPanel update, the latest version of phpBB wasn't installed.

Even then, server administrators need to make sure that the dangerous exploit is removed completely from their server and that customers keep their forums up to date. But how do you do that?

There is a very simple way:

find /home/ -name "bbcode.php" -exec grep 't<]\*)#is' {} \; -print

This command comes courtesy of hostgeekz.com. It displays each matching line of code with the path of the file beneath it. I would suggest you disable the forums and force the customers to update them on their own.

 

How to disable the phpBB forum?

After running the above command, here is a sample of some output:

$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/nets/pnuke/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/phatbeatboxer/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/trk/nuke/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/nyc/phpbb2/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/teamfuelinjected/forum/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/navy/includes/bbcode.php
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
/home/zxy/public_html/phpnuke/includes/bbcode.php

So you can see the following file could be exploited:

/home/zxy/public_html/forum/includes/bbcode.php

We need to find the forum's configuration file and add a line of code to it. The configuration file is located in the root of the forum install, so for example it would be at www.zxy.com/forum/config.php, which means our config.php path is /home/zxy/public_html/forum/config.php

So simply type:

nano /home/zxy/public_html/forum/config.php

OR

nano /home/zxy/public_html/forum/conf*

Then add the following line under the <?PHP tag:

die("Forums Disabled - Contact Support Immediately!");

Then save with Ctrl + O. Congratulations, the forum is disabled.
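
As an added example (not part of the original guide and not hostgeekz.com's command), the script below turns the one-off check into a per-account inventory: it lists each flagged bbcode.php, derives the forum's config.php one level above includes/, and reports whether the die() line is already in place. The function names and the report format are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory bbcode.php files carrying the fragment the guide greps for.
# Function names and report format are this example's own, not from the guide.

SIG='t<]*)#is'   # same fragment as the guide's grep, matched here as a fixed string

# Print the path of every bbcode.php under $1 that contains the fragment.
find_flagged_bbcode() {
    find "$1" -type f -name 'bbcode.php' -exec grep -lF -- "$SIG" {} +
}

# Map .../forum/includes/bbcode.php to .../forum/config.php (the forum root).
forum_config_for() {
    printf '%s/config.php\n' "$(dirname "$(dirname "$1")")"
}

# State of the forum's config.php: missing, disabled (die line present) or active.
forum_state() {
    cfg=$(forum_config_for "$1")
    if [ ! -f "$cfg" ]; then echo missing
    elif grep -qF 'die("Forums Disabled' "$cfg"; then echo disabled
    else echo active
    fi
}

# One tab-separated line per flagged file: account, state, config path.
report() {
    root=${1%/}
    find_flagged_bbcode "$root" | while IFS= read -r f; do
        rel=${f#"$root"/}
        printf '%s\t%s\t%s\n' "${rel%%/*}" "$(forum_state "$f")" "$(forum_config_for "$f")"
    done
}

# Scan only when a root directory is given, e.g.: sh scan.sh /home
if [ -n "${1:-}" ]; then report "$1"; fi
```

Forums reported as active still need the die() line or an update; a state of missing means the flagged file sits outside a normal forum layout and should be checked by hand.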


© Copyright, Simplec Services - Australia, 2017
