More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users' PCs with a variety of trojans. This ongoing campaign includes new malware hosting domains and new trojans variations. All of the sites are running older or misconfigured versions of "phpBB," an open-source message forum manager. Open-source popular applications like phpBB tend to be often targeted by mass scanning and exploiting tools.

The hack redirected visitors through several steps ultimately ending up on a page that tried to take advantage of errors in older Internet Explorer and RealPlayer versions. The article talks about exactly which viruses could have caused the problems and the wide range of sites (both in topic and location) that were effected.

The best way to protect you and your PHPBB install from something like this happening is to get the latest version of the software and learn how to configure it correctly.

The challenge with securing a shared hosting server is how to secure the website from attack both from the outside and from the inside. [...] This has created a gap that a number of third-party solutions have attempted to fill. One of the oldest of these is suphp, created by Sebastian Marsching.

He works through the whole process - the installation (this is all on a Gentoo linux system), configuring for your Apache install, changing Apache to make it work with suphp and finally some benchmarks and parting comments concerning its use.