PhpBB open to hacking?

[goma]

My phpbb messageboard says I have 77 members, which is correct. But when I checked the memberlist, there are only 31 listed, but the first page of this list had more than 31 members on it. What happended to the rest? When I checked the second page, it's blank. what's going on? And to think that I haven't backed up the database yet.

There's one guy who registered before everything went bad. The name is simply "a" and his email address is bogus@hotmail.com.

Am I being hacked?

I posted this same problem in the phpbb community and no one has answered me yet..

[iFroggy]

What phpBB version were you using?

(To answer the subject in the thread, most scripts are open to hacking in some regard.)

[goma]

phpBB 2.0.2

this situation is really weird. I can't even remove that "a" member nor can the missing members log on to the board.

[iFroggy]

Well, phpBB 2.0.3 is the newest release.

Since you have yet to recieve help here, you may want to try my site, http://www.phpbbhacks.com/forums - I have a team of guys that will know a tad better than me.

[goma]

thanks iFroggy I'll post this same question there

[wert]

First, upgrade to 2.03 ASAP.

You might also want to use .htaccess to p/w protect the admin directory to also give you a second layer of defense.

That being said, I haven't heard of any confirmed hacking cases with 2.03.

Keep in mind if you're on a shared host, your forums will be vulnerable to hacking attempts from others on your shared host.

This is normally done via telnet and pretty much all the major forums (phpBB, Invisionboard, vBulletin) suffer from this as it is a weakness in the server configuration, not the script.

[janavi]

thanks for the heads up folks