phpBB Forum Down After Defacement 49
kv9 writes "The phpBB forum has been closed down after the host was cracked into, apparently because of an AWStats hole. Several blogs have been attacked using the same method. Commentary on Netcraft, The Reg and SecurityFocus"
Not phpBB -- Just their server. (Score:5, Informative)
Re:Meanwhile (Score:5, Informative)
It says they write more careful--or less widespread--perl.
The awstats exploit that was used here makes use of poorly written perl that failed to validate user input. Of course, had you read the article, you would know that.
Re:Meanwhile (Score:2, Informative)
Many vulnerable AWStats sites on google (Score:2, Informative)
AWStats is a very popular tool, google returns likely 4,490 users. This could be as bad as one of the old ISS vulnerabilities. With any luck, the publicity generated by incidents like this one will be a warning to those still running vulnerable version.