Alex wrote:
phpBB 2.0.9 - I think that's what you mean o.o
First of all, when access is regained to the forum, it should be
immediately updated to the latest version of phpBB. If there are MODs installed, I recommend that
[Tool] phpBB 2.0.10 to 2.0.11 Changes be used. Otherwise, the regular update script available from phpbb.com should do just fine.
To get your admin account back, the person with phpMyadmin access should apply the below to their database.
Code:
# Reset everyone to member
UPDATE phpbb_users SET user_level = '0' WHERE user_level <> '0';
# Reset main admin to admin
UPDATE phpbb_users SET user_level = '1' WHERE user_id = '2';
Finally, I have some tools to recommend. The first is the phpBB Security MOD, which can be found
here (Note: you'll have to register to download it. As a matter of fact, when you register it, you'll come across one of the features of phpBB Security). The second is
Advanced IP Tools Pack (Read the description. Very good MOD. It has that function you desire: recording the IP before a user even posts, and much more!). Oh -- and another nifty tool to combat that worm that everyone's talking about is
[RC] Anti-Net-Worm.Perl.Santy (very simple to install too, though in development. Still of use if you're using the latest version of phpBB).
EDIT -- A good place to go for some personalized help is
phpBB ER.
And here's some information on that worm:
Quote:
Copied from pcworld.com
Web search engine company Google is blocking efforts by a new Internet worm to use its search engine to find vulnerable computers on the Internet, the company announced this week.
Google is blocking searches launched by Santy.A, a new Internet worm that targets servers running phpBB, a popular electronic bulletin board software package, according to a statement from the company. Without any native ability to scan for vulnerable computers, Google's action halted Santy.A's spread, according to antivirus companies.
Santy.A targets servers running phpBB. Antivirus companies first detected the worm Tuesday, though it may have been spreading silently well before that, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
The worm used a vulnerability in phpBB, an open source software product that is managed by the phpBB Group, to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."
A phpBB component called viewtopic.php allows malicious commands to be passed to and executed on servers that run a vulnerable version of the phpBB software. Secunia, a Copenhagen-based security company, first reported the vulnerability on November 19. An updated version of phpBB software that fixes the flaw was released on November 18.
Impact Uncertain
Estimates of the impact of the Santy worm vary widely. Searches on a beta version of Microsoft's MSN Search feature for the text used to deface sites returned over 30,000 hits. However, identical searches on other engines, including the official MSN Search engine, Yahoo, and Google search engines returned far fewer hits, ranging from 785 (MSN) to 2030 (Yahoo).
However, using searches for telltale signs of infection, such as defacement text, is an inexact way to determine the actual number of Santy infections, says Ullrich.
"Santy will only deface sites if it can overwrite files, and it may not always be able to do that based on the configuration of the Web server [running phpBB]," he says.
Also, an analysis of the Santy code revealed that the worm spread quietly for a while, infecting phpBB servers but not overwriting files and defacing the bulletin boards, Ullrich says.
The Santy worm marked some firsts, including the use of a popular search engine as part of a worm's spreading mechanism. However, the lessons to be learned from Santy's spread are already well established: keep on top of software patches and "harden" the configuration of public-facing servers by preventing users from being able to take unnecessary actions, such as overwriting files, he says.
Hope this helps.
I run
The Infinity Program, a den of villains and swashbucklers.