Feeds

phpBB forum offline after defacement

Monkey business

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

The popular phpBB forum has been taken offline after hackers cracked into its server and defaced its website yesterday. The open source project's website was attacked using a vulnerability in a package called AWStats announced 17 January. The same exploit has also been used to attack several popular weblogs in recent days, Netcraft reports.

phpBB is a popular bulletin board package, with more than 150,000 registered members on its forum. The attack on the phpBB forum saw its website replaced by an image of that face of US President George Bush grafted onto the body of a baby monkey. It's unclear why defacer simiens picked the forum for attack. The phpBB forum runs off a single server, which is undergoing analysis. This has left phpBB's development team temporarily unable to use the project's primary server.

phpBB intends to recover its database from the server and rebuild its website, but this will take time. It hopes to have its website back to something close to normal operation by later today (8 February) or at least the end of the week.

In the meantime, users in need of support with phpBB 2.0.x can visit a development board, area51.phpbb.com. An IRC support channel, #phpbb on the irc.freenode.net network, is also available. A holding page on the phpBB forum's web site provides updates on the site's progress back to normal operations.

phpBB has been a target for attack before. In December 2004 malware authors created a worm that attacked web servers running the popular phpBB discussion forum software to deface vulnerable systems. The Santy worm hit thousands of sites. ®

Related stories

Santy worm defaces thousands of sites
Root kit surfaces after Jabber attack
GNU servers owned by crackers for months

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.