This afternoon, the Debating Christianity & Religion site got hacked into. The index.php got replaced with a single line "Antrax Gr0up ownz you - Dead_Clown == Greatz: Cool_Code and Shaman286".

I contacted my webhosting provider and they recommended that I upgrade to the latest phpBB. That is not a viable option, so I dug in more.

I looked at the forum and found several threads on hack attacks recently:
Forum Hacked by someone
Highlight issue is serious
The *Ostrich Position* on hacking

So, apparently there is a hole in the highlight functionality. I looked at my access.log and searched for "highlight=%2527" and noticed that IP was the culprit and banned that address.
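
The access.log search described above, as an added example that is not part of the original post: `%2527` is a single quote URL-encoded twice (`%25` is `%`, leaving `%27`), so this sketch decodes each `highlight` value once, the way the web server does, and flags requests where an encoded quote is still left, then counts them per client IP. The log lines are constructed samples in Apache combined format with documentation-range addresses and a placeholder instead of any real payload.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (Apache combined log format); not from the original site.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Nov/2004:14:02:11 -0600] "GET /viewtopic.php?t=42&highlight=faith HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Nov/2004:14:05:37 -0600] "GET /viewtopic.php?t=42&highlight=%2527.PLACEHOLDER.%2527 HTTP/1.0" 200 912 "-" "lwp-trivial/1.35"
198.51.100.7 - - [29/Nov/2004:14:05:41 -0600] "GET /viewtopic.php?t=43&highlight=%2527PLACEHOLDER HTTP/1.0" 200 870 "-" "lwp-trivial/1.35"
192.0.2.10 - - [29/Nov/2004:14:09:02 -0600] "GET /viewtopic.php?t=7&highlight=don%27t HTTP/1.1" 200 17450 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Nov/2004:14:11:48 -0600] "POST /posting.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# An encoded quote that survives one round of decoding was encoded twice.
ENCODED_QUOTE = re.compile(r"%27")


def suspicious_requests(log_text):
    """Yield (ip, timestamp, path) for requests whose highlight value still
    contains an encoded single quote after one round of URL decoding."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, _method, target, _status = m.groups()
        parts = urlsplit(target)
        # parse_qsl performs the single decode the server applies to the query.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == "highlight" and ENCODED_QUOTE.search(value):
                yield ip, ts, parts.path
                break  # one report per request is enough


def hits_by_ip(log_text):
    """Count flagged requests per client IP, for deciding what to block."""
    return Counter(ip for ip, _ts, _path in suspicious_requests(log_text))


if __name__ == "__main__":
    for ip, count in hits_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) with a double-encoded quote in highlight=")
```

An ordinary search containing an apostrophe (`don%27t`) decodes cleanly on the first pass and is not flagged, so the count reflects only the double-encoded form.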

Then I found the fix and implemented it:
Security Tracker exploits - follow up

I'd highly recommend that anyone running phpBB should immediately put the fix in.

Posted: 2004-11-29 22:28:55
