News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stefan Koopmanschap's Blog:
What we can learn from yesterday's phpBB.com hack
February 03, 2009 @ 10:28:00

For those that might have missed it, the phpBB.com server was hacked via an unpatched version of another piece of PHP software running on the same machine. Stefan Koopmanschap has posted a bit about it and talks about what happened and what can be learned from it.

Yesterday the phpBB.com server got hacked. People who, like me, were there back in the days of phpBB2 will be reminded of the security flaws found in the software back then. However, this was not the cause of this hack. It was an unpatched version of another PHP package that caused the hack, which exposed amongst other things the full user database and several server passwords.

The problem was with an unpatched version of phpList, a mailing list manager, that allowed the hacker to get in and get out with a complete dump of the users table (including passwords and other private information).

I think the whole world can learn something from this: Your server is only as secure as your weakest link. So if you use any third party open source software, make sure that you always use the latest version, and that you subscribe to notification mailinglists of new releases. This will ensure that you get notified when new versions are released, so that you can patch your installation to the latest version and fix any vulnerabilities in the software.
1 comment voice your opinion now!
phpbb hack website phplist mailinglist manager user private information


blog comments powered by Disqus

Similar Posts

ProDevTips: Writing a CMS/Community with Smarty and the Zend Framework: Part 7

Community News: PHPCamp.net Launched

PHPied.com: phpBB Book Review

Jonathan Street's Blog: PHP5 Compete API Wrapper

Toronto PHP User Group: Why use the Zend Framework?


Community Events











Don't see your event here?
Let us know!


series composer performance release hack facebook security podcast database component application framework hhvm unittest opinion package introduction language install symfony2

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework