
phpBB Forum Down After Defacement

kv9 writes "The phpBB forum has been closed down after the host was cracked into, apparently because of an AWStats hole. Several blogs have been attacked using the same method. Commentary on Netcraft, The Reg and SecurityFocus"
  • by Ahnteis ( 746045 ) on Tuesday February 08, 2005 @02:22PM (#11609339)
    It's sad that most sites are posting this with a headline that seems to indicate that phpBB is the problem. The SERVER was hacked through OTHER software, not phpBB. (I know I was worried about my sites until I read the article.)
  • Worms then.... (Score:1, Interesting)

    by djsmiley ( 752149 )
    I wonder how long until a worm comes out to take advantage of this....

    It's always interested me, from the time my work's PHP site was overrun via a googling worm.
    And how you always hear that it takes x hrs after a flaw is found for someone to start using it.
  • If they would have properly managed their systems, none of this would have happened.
  • A cursory check of Google [google.com] suggests that there are many people who haven't patched yet: it lists the version number at the bottom of the statistics page.

    AWStats is a very popular tool, Google returns likely 4,490 users. This could be as bad as one of the old ISS vulnerabilities. With any luck, the publicity generated by incidents like this one will be a warning to those still running a vulnerable version.

  • and open source in particular will be keeping up with all of the known holes and their fixes. I subscribe to three different security announcement listserves, and I still didn't hear about a patch for Mambo OS until I went to the forums looking for an answer on a stupid question. If I hadn't gone to the forums (I don't too often) I'd still be unpatched.

    I'm not sure what the answer is, but with the diversity in my network I could spend a whole day each week looking for issues on the services I run...

    • This is why I subscribe to the announcement list of all major software packages I use. Or, alternately, I subscribe to the security bulletin list if they offer one. I also chastise the authors when they abuse the announcement list for something that's not an announcement. Yes, it's their list and their software, but they are greatly damaging their program's viability in a security conscious market by making it harder to get timely security bulletins. I don't sort announcement list mail either, or if I d
  • by MrWa ( 144753 )
    What department was this from again?
  • After reading nearly 10 "OMFG HAHAH PHP IS TEH SUCK" comments on a story about a mature perl script with a bug makes me sick. I swear, /. is getting worse. Not that the headline is helping the misleading thoughts...
  • I'm not sure whether it's hilarious or very, very sad that this is just turning into a huge "php sucks, ha ha, use perl instead you n00bs" thread.

    It's actually throwing a bad light on perl developers (and I am one, so I'm not flaming here) that they can't even be bothered reading even the _summary_ and see it was the perl function open() in AWStats that got used to exploit the server, not a php script.

    Personally, I code in perl and php. I use whichever's right for the task, and like 'em both.

    Oh, and I co
