Phpbb: we 've been hacked?

we are running a phpbb site

http://www.euroburg.com/index2.htm

and it seems to me that we have been hacked into. (the member login doesnt work anymore)

our server (dreamhost) helped us to install the software more than a year ago, since then, nothing has been changed.

does anybody have some advise how to make it up and running again?

thanks in advance for your help!

You should do an upgrade to the current version of phpbb using the full package install version so that you will overwrite any changes the hackers have made. To get the admin logins back you will probably have to manually change the db using SQL commands. The phpbb_users table is the one you want to look at the closest for any changes. You should regularly upgrade your phpbb as there have been a lot of security bugs fixed over the last year.

This may not be the cause of your problem, but there is indeed a newly discovered vulnerability in phpBB:

theinquirer.net/?article=20329

theregister.co.uk/2004/12/21/santy_worm/

and here:

news.zdnet.com/2100-1009_22-5499725.html

You ought to upgrade as soon as possible.

best regards,
Robert

It’s worse than that. There were also 7 security bugs found and fixed in PHP itself recently. So you’ll not only have to upgrade phpbb to 2.0.11, but also upgrade PHP to 4.3.10 or 5.0.3 also. Annoyingly there is also a bug in these versions that causes PHP to fail to compile the zend_strtod.c file on several platforms without manually patching the source.