Quote:
Originally Posted by kq76
When we first got it I of course thought it might be our phpbb forums (I know a bit about SQL injections and the like) as we were using an old phpbb2.x version instead of the latest phpbb3.x, but the forum pages weren't effected at all, only the main part of the site, so I thought it wasn't the forum. Thinking about it some more, however, I suppose it could have been our forum and somehow they used it to attack the rest of our site, but not the forum itself, maybe to throw us off of what the cause could be.
|
I am not a software engineer, I am a network security engineer so don't really know the specifics on how these attacks are done code-wise.. but I would say if you have an old version of phpbb that is not patched to fix this exploit, it is very likely they used this to insert the ****** to your mainpage. Even if they did not touch the forums at all, that is their normal behavior. They just want the malicious code in the very top level root directory for the webservices on the main index page so it gets hit the most.