News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stefan Koopmanschap's Blog:
What we can learn from yesterday's phpBB.com hack
February 03, 2009 @ 10:28:00

For those that might have missed it, the phpBB.com server was hacked via an unpatched version of another piece of PHP software running on the same machine. Stefan Koopmanschap has posted a bit about it and talks about what happened and what can be learned from it.

Yesterday the phpBB.com server got hacked. People who, like me, were there back in the days of phpBB2 will be reminded of the security flaws found in the software back then. However, this was not the cause of this hack. It was an unpatched version of another PHP package that caused the hack, which exposed amongst other things the full user database and several server passwords.

The problem was with an unpatched version of phpList, a mailing list manager, that allowed the hacker to get in and get out with a complete dump of the users table (including passwords and other private information).

I think the whole world can learn something from this: Your server is only as secure as your weakest link. So if you use any third party open source software, make sure that you always use the latest version, and that you subscribe to notification mailinglists of new releases. This will ensure that you get notified when new versions are released, so that you can patch your installation to the latest version and fix any vulnerabilities in the software.
1 comment voice your opinion now!
phpbb hack website phplist mailinglist manager user private information


blog comments powered by Disqus

Similar Posts

Community News: ABCPHP.com (Digg-Like PHP News Source)

WeberDev.com: User Authentication with patUser (Part 3)

Pádraic Brady's Blog: PFP II: Return of Patterns For PHP

Web Development Blog: Dynamic thumbnails from websites

KillerPHP Blog: Four O'Reilly Book Reviews


Community Events





Don't see your event here?
Let us know!


podcast introduction list language interview community testing configure developer code opinion laravel unittest threedevsandamaybe refactor series wordpress install release framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework