I'm not alone: phpbb.com gets hacked

It’s nice to know I’m in good company.  Phpbb.com got hacked.

Here’s a picture of the front page of phpbb.com right now.  (Apparently, it’s been this way for at least a day.)

[Image: screenshot of the phpbb.com front page]

I feel for them.  I wish I could help.  It wasn’t phpbb itself that was the problem, but a mailing list manager they were using called phplist.  It was out of date and had a vulnerability that was exploited.  Yuck.

Do yourself a favor:
1. Make sure the backups of your website work and are stored where the hacker can’t get to them.
2. Make sure you’re doing everything you can to secure your server.  I know I wasn’t.
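One way to act on both points, as an added example that is not part of the original post: a POSIX shell script that archives a site directory together with a checksum manifest and then proves the archive restores intact. Every path and the sample site content in it are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post. Backs up a web root into a
# checksummed archive and then proves the archive restores intact. All paths
# and the sample site contents below are constructed for the demo.
set -eu

# make_backup SITE_DIR DEST_DIR: write DEST_DIR/site-<stamp>.tar plus a
# sha256 manifest of the live tree, and print the archive path.
make_backup() {
    site="$1"; dest="$2"
    mkdir -p "$dest" && chmod 700 "$dest"   # keep backups out of the web-readable tree
    dest=$(cd "$dest" && pwd)               # absolute path for later restore checks
    stamp=$(date +%Y%m%d%H%M%S)
    archive="$dest/site-$stamp.tar"
    ( cd "$site" && find . -type f -exec sha256sum {} + ) > "${archive%.tar}.sha256"
    tar -cf "$archive" -C "$site" .
    # Next step in practice: have the backup host PULL this archive. Credentials
    # that can overwrite or delete backups must never live on the web server.
    echo "$archive"
}

# verify_backup ARCHIVE MANIFEST: restore into a scratch directory and check
# every file against the manifest. Returns 0 only if the restore is complete.
verify_backup() {
    archive="$1"; manifest="$2"
    scratch=$(mktemp -d)
    status=0
    tar -xf "$archive" -C "$scratch" 2>/dev/null || status=1
    if [ "$status" -eq 0 ]; then
        ( cd "$scratch" && sha256sum -c "$manifest" ) >/dev/null 2>&1 || status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# --- constructed demo site and run ---
DEMO=$(mktemp -d)
mkdir -p "$DEMO/site/forum"
printf '<?php echo "hello"; ?>\n' > "$DEMO/site/index.php"
printf 'CREATE TABLE users (id INT);\n' > "$DEMO/site/forum/db-dump.sql"

ARCHIVE=$(make_backup "$DEMO/site" "$DEMO/backups")
MANIFEST="${ARCHIVE%.tar}.sha256"
verify_backup "$ARCHIVE" "$MANIFEST" && echo "restore test passed: $ARCHIVE"

# A truncated copy must fail the restore test rather than pass silently.
head -c 512 "$ARCHIVE" > "$ARCHIVE.truncated"
verify_backup "$ARCHIVE.truncated" "$MANIFEST" || echo "truncated archive rejected"
```

Run it on a schedule from the backup host, not from the web server, so that a compromised site cannot reach the copies it is being checked against.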



----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Architect at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.

2 thoughts on “I'm not alone: phpbb.com gets hacked”

  1. treed says:

    Don’t use PHP. I know a lot of PHP fans out there will flame me for it but the only web apps I’ve ever had exploited were PHP apps. Despite running lots of Django, Plone, Zope, and various other kinds of apps. I have probably run equal shares of all of the above and PHP is the only one that gets exploited on a regular basis. It is debatable whether it is the technology itself (registered globals, no escaping SQL queries by default, etc) or simply the level of experience of those who implement it but the fact remains that it is a problem.

    phplist was not exploited because it was out of date. It was exploitable the day it was released. It isn’t like software suddenly develops vulnerabilities over time and must therefore be refreshed eventually.

  2. cpjlboss says:

    This whole site is run by PHP apps. Phpbb, joomla, wikipedia. The only non-PHP app we have is Mailman.

    Given that I’m running this site in my spare time, I don’t even have the time to consider the possibility, let alone do the conversion of everything.
