Jump to content

People getting trojans on MapCore, come here

Thrik

By Thrik
in Off-Topic

 Share

Recommended Posts

Thrik

Thrik

Posted
Posted

After a lot of serious pissing around (this current host is seemingly falling apart) I've managed to get the forum files and database duplicated onto my own superb hosting. I've never been able to get the virus/trojan/whatever messages to appear myself so I need you guys who got it before to test it:

http://mapcore.ryanjohnwilliams.com/

If you still get it on there then we can be sure that the forum files themselves are the cause; if not, then it's the web host.

Just have a look around, do things that caused the trojan errors before, etc.

Feel free to test in whatever way you like there because the database will inevitably be wiped. Nothing you do should have any affect on the real forums. Just don't get confused and screw around on the real forum by mistake -- look at the address bar. :cool:

Thrik

Thrik

Posted
  • Author
Posted

phpBB really isn't that bad, and there's no evidence to suggest it's phpBB that's caused the security breach. phpBB is a lot more inherently secure anyway, and this trojan shit was appearing before we upgraded and on non-phpBB pages. Plus, people went mental over even upgrading to phpBB3 because of the changes -- nevermind whole new software!

Thanks for having a look, guys. I'll talk with Mojo about moving forward from here.

Thrik

Thrik

Posted
  • Author
Posted

I'm aware that vulnerabilities exist, however if you actually look into the vulnerabilities the majority of recent-ish ones are due to third-party software or other such add-ons, and the problems were patched quite quickly. Most of the real problems occurred ~2006.

I meant to say that phpBB 3 is more inherently secure above. None have been discovered in phpBB 3 to my knowledge yet, and if they are they will most probably be patched quickly as the phpBB community is very large and vulnerabilities are reported quickly. An SMF exploit could go undetected for months on end before someone finally notices it, just like they have in Windows and Mac OS X.

Indeed, the reason there are so many listed vulnerabilities for phpBB is because it's so popular. There are quite simply infinitely more phpBB forums out there than SMF forums, and thus less interest from dedicated programmers to find security exploits. Exactly the same is true of WordPress, which has had a large number of vulnerabilities found yet is used on an incredibly wide scale without problems.

As long as the vulnerabilities are patched quickly when they're found it's fine. The simple fact is that vulnerabilities exist in all software, regardless of how much their high horse developers might say it's secure. It's no coincidence that the 'most secure' applications are usually also amongst the least popular.

Baumwoll-Auge-Joe

Baumwoll-Auge-Joe

Posted
Posted

Google tells me 11.8 Million SMF installations and 26.5 million phpbb installations, so both is very popular. If you know PHP I would suggest you to take a look to the source code of each, you will see a big difference.

I don't want to advertise SMF, I only want to take care of this community and suggest you only not to use phpbb. Even if there are fast patches in the future, let's hope the hackers and bots will not know before these exploits.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...