News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stefan Koopmanschap's Blog:
What we can learn from yesterday's hack
February 03, 2009 @ 10:28:00

For those that might have missed it, the server was hacked via an unpatched version of another piece of PHP software running on the same machine. Stefan Koopmanschap has posted a bit about it and talks about what happened and what can be learned from it.

Yesterday the server got hacked. People who, like me, were there back in the days of phpBB2 will be reminded of the security flaws found in the software back then. However, this was not the cause of this hack. It was an unpatched version of another PHP package that caused the hack, which exposed amongst other things the full user database and several server passwords.

The problem was with an unpatched version of phpList, a mailing list manager, that allowed the hacker to get in and get out with a complete dump of the users table (including passwords and other private information).

I think the whole world can learn something from this: Your server is only as secure as your weakest link. So if you use any third party open source software, make sure that you always use the latest version, and that you subscribe to notification mailinglists of new releases. This will ensure that you get notified when new versions are released, so that you can patch your installation to the latest version and fix any vulnerabilities in the software.
1 comment voice your opinion now!
phpbb hack website phplist mailinglist manager user private information

blog comments powered by Disqus

Similar Posts Getting started with Flex and Zend_Amf

Ibuildings Blog: PHP 5.3 from a development manager's perspective

PHP-GTK Community Site: Gataka: the PHP-GTK IRC bot

Toronto PHP User Group: Why use the Zend Framework?

SitePoint PHP Blog: Symfony2 Pre-registration and Invite System

Community Events

Don't see your event here?
Let us know!

interview podcast application example install conference language series performance library opinion laravel introduction release framework php7 symfony2 api community configure

All content copyright, 2015 :: - Powered by the Solar PHP Framework