    I'm not alone: phpbb.com gets hacked
    Written by W. Curtis Preston   
    Tuesday, 03 February 2009
    It's nice to know I'm in good company. Phpbb.com got hacked.

    Here's a picture of the front page of phpbb.com right now.  (Apparently, it's been this way for at least a day.)

    [Screenshot: phpbb.com front page]

    I feel for them.  I wish I could help.  It wasn't phpbb itself that was the problem, but a mailing list manager they were using called phplist.  It was out of date and had a vulnerability that was exploited.  Yuck.

    Do yourself a favor:
    1. Make sure the backups of your website work and are stored where the hacker can't get to them.
    2. Make sure you're doing everything you can to secure your server.  I know I wasn't.


    Comments
    Tracy Reed  - PHP     |2009-02-10 10:09:47
    Don't use PHP. I know a lot of PHP fans out there will flame me for it but the only web apps I've ever had exploited were PHP apps. Despite running lots of Django, Plone, Zope, and various other kinds of apps. I have probably run equal shares of all of the above and PHP is the only one that gets exploited on a regular basis. It is debatable whether it is the technology itself (registered globals, no escaping SQL queries by default, etc) or simply the level of experience of those who implement it but the fact remains that it is a problem.

    phplist was not exploited because it was out of date. It was exploitable the day it was released. It isn't like software suddenly develops vulnerabilities over time and must therefore be refreshed eventually.
    W. Curtis Preston  - Wish I could   |2009-02-10 10:25:05
    This whole site is run by PHP apps. Phpbb, joomla, wikipedia. The only non-PHP app we have is Mailman.

    Given that I'm running this site in my spare time, I don't even have the time to consider the possibility, let alone do the conversion of everything.