Backup Central

Login Form

RSS Feed

Mr. Backup

I'm not alone: phpbb.com gets hacked

Written by W. Curtis Preston Tuesday, 03 February 2009 14:11

It's nice to know I"m in good company. Phpbb.com got hacked. Click Read More to see more.

Here's a picture of the front page of phpbb.com right now. (Apparently, it's been this way for at least a day.)

I feel for them. I wish I could help. It wasn't phpbb itself that was the problem, but a mailing list manager they were using called phplist. It was out of date and had a vulnerability that was exploited. Yuck.

Do yourself a favor:
1. Make sure the backups of your website work and are stored where the hacker can't get to them.
2. Make sure you're doing everything you can to secure your server. I know I wasn't.

< Prev		Next >

Comments

0 #2 W. Curtis Preston 2009-02-10 13:25

This whole site is run by PHP apps. Phpbb, joomla, wikipedia. The only non-PHP app we have is Mailman.

Given that I'm running this site in my spare time, I don't even have the time to consider the possibility, let alone do the conversion of everything.

Quote

0 #1 Tracy Reed 2009-02-10 13:09

Don't use PHP. I know a lot of PHP fans out there will flame me for it but the only web apps I've ever had exploited were PHP apps. Despite running lots of Django, Plone, Zope, and various other kinds of apps. I have probably run equal shares of all of the above and PHP is the only one that gets exploited on a regular basis. It is debatable whether it is the technology itself (registered globals, no escaping SQL queries by default, etc) or simply the level of experience of those who implement it but the fact remains that it is a problem.

phplist was not exploited because it was out of date. It was exploitable the day it was released. It isn't like software suddenly develops vulnerabilities over time and must therefore be refreshed eventually.

Quote

Refresh comments list
RSS feed for comments to this post

Add comment

JComments