
Webmasters need to be cautious!

priyanka

New Member
A NEW internet worm has launched a Google-powered assault on web bulletin boards that use the popular phpBB forum software.

Dubbed "Perl.Santy.A", or "Santy", the worm attacks web servers rather than desktop PCs, a warning posted online by Finnish internet security company F-Secure said.
The worm uses Google to search randomly for new hosts, F-Secure said.

"There have been serious vulnerabilities found in the phpBB software in the past and this incident underlines the importance of all people keeping up to date with the latest security patches and fixes," anti-virus firm Sophos senior technology consultant Graham Cluley said.

For more details read: http://australianit.news.com.au/articles/0,7204,11759816^16123^^nbv^,00.html
 
because of its vulnerability - which has suffered widespread exploitation across the internet
 
apparently it's not only phpbb.. it can happen to any board, any script:

Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.

It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:

1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.

2) If you pay for hosting ensure your hosting provider has upgraded their installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).

Please do not submit this PHP issue to our security tracker, it is beyond our control. Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions.
 
phpBB owns your life.

Then again, for people that don't upgrade I can't feel sorry for them..
 
The thing about phpbb is that their security isn't very good. I've known a few hosts that offer phpbb for free and paid that have been hacked or *cracked by easy passwords*. ipb update their security weekly to stop this, but phpbb is so easy, and 2.0.10 is real easy, cos as they go on the weaker the security is, cos the less time they spend on it, because they think the security would be alright because the others are! I think as they go on they should update the security

TheChatter
 
TheChatter said:
The thing about phpbb is that their security isn't very good. I've known a few hosts that offer phpbb for free and paid that have been hacked or *cracked by easy passwords*. ipb update their security weekly to stop this, but phpbb is so easy, and 2.0.10 is real easy, cos as they go on the weaker the security is, cos the less time they spend on it, because they think the security would be alright because the others are! I think as they go on they should update the security

TheChatter

Whoa, you really are 'the chatter'.

j/k :p
 
darkcurves said:
Whoa, you really are 'the chatter'.

j/k :p
lol thanks, but no, it's true, they do need to sort out their security, otherwise what's the point in having a phpbb forum?

TheChatter
 