This afternoon, the Debating Christianity & Religion site got hacked into. The index.php got replaced with a single line “Antrax Gr0up ownz you – Dead_Clown == Greatz: Cool_Code and Shaman286”.
I contacted my webhosting provider and they recommended me upgrading to the latest phpBB. That is not a viable option, so I dug in more.
I looked at the phpbb.com forum and found several threads on hack attacks recently:
Forum Hacked by someone
Highlight issue is serious
The *Ostrich Position* on hacking
So, apparently there is a hole in the highlight functionality. I looked at my access.log and searched for “highlight=%2527” and noticed that IP 201.8.135.22 was the culprit and banned that address.
Then I found the fix and implemented it:
Security Tracker
howdark.com exploits – follow up
I’d highly recommend that anyone running phpBB should immediately put the fix in.