
Stefan Koopmanschap's Blog:
What we can learn from yesterday's phpBB.com hack
February 03, 2009 @ 10:28:00

For those that might have missed it, the phpBB.com server was hacked via an unpatched version of another piece of PHP software running on the same machine. Stefan Koopmanschap has posted a bit about it and talks about what happened and what can be learned from it.

Yesterday the phpBB.com server got hacked. People who, like me, were there back in the days of phpBB2 will be reminded of the security flaws found in the software back then. However, this was not the cause of this hack. It was an unpatched version of another PHP package that caused the hack, which exposed amongst other things the full user database and several server passwords.

The problem was with an unpatched version of phpList, a mailing list manager, that allowed the hacker to get in and get out with a complete dump of the users table (including passwords and other private information).

I think the whole world can learn something from this: Your server is only as secure as your weakest link. So if you use any third-party open source software, make sure that you always use the latest version, and that you subscribe to notification mailing lists of new releases. This will ensure that you get notified when new versions are released, so that you can patch your installation to the latest version and fix any vulnerabilities in the software.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework