1
talunceford
phpBB down after attack, Caution to all Xoopsers with AWSTATS

I know that everyone out there has used phpBB at one time or another, so here is a tid bit of information for you. It seems that their own web site was attacked and defaced by using the AWSTATS flaw. So if you have a XOOPS site along with AWSTATS you might want to think about shutting it (AWSTATS) down.

Here is the whole scoop.
Quote:

The popular phpBB forum has been taken offline after hackers cracked into its server and defaced its website yesterday. The open source project's website was attacked using a vulnerability in a package called AWStats announced 17 January. The same exploit has also been used to attack several popular weblogs in recent days, Netcraft reports.

phpBB is a popular bulletin board package, with more than 150,000 registered members on its forum. The attack on the phpBB forum saw its website replaced by an image of that face of US President George Bush grafted onto the body of a baby monkey. It's unclear why defacer simiens picked the forum for attack. The phpBB forum runs off a single server, which is undergoing analysis. This has left phpBB's development team temporarily unable to use the project's primary server.

phpBB intends to recover its database from the server and rebuild its website, but this will take time. It hopes to have its website back to something close to normal operation by later today (8 February) or at least the end of the week.

In the meantime, users in need of support with phpBB 2.0.x can visit a development board, area51.phpbb.com. An IRC support channel, #phpbb on the irc.freenode.net network, is also available. A holding page on the phpBB forum's web site provides updates on the site's progress back to normal operations.

phpBB has been a target for attack before. In December 2004 malware authors created a worm that attacked web servers running the popular phpBB discussion forum software to deface vulnerable systems. The Santy worm hit thousands of sites.

2
irmtfan
Re: phpBB down after attack, Caution to all Xoopsers with AWSTATS
  • 2005/2/8 16:44

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


and what is this AWSTATS ?
see this from phpbb official website:

Quote:
Since it would be totally inappropriate in this situation to simply "restore" (without investigating what happened we could simply be restoring an already vulnerable system) the box is being shipped from its datacenter to our server manager. There it will be analysed so we can confirm just what happened. Of course a full reinstall will then be performed after recovering the database. This will take some time. We are hoping to have an intermediate solution but there are no guarantees this is doable, or even worthwhile given the time frames. As I said before, best guesstimates for a return are from tomorrow (8th Feb) through to the end of this week.

so it means they dont know what happen exactlly or what?

3
talunceford
Re: phpBB down after attack, Caution to all Xoopsers with AWSTATS

Not really sure. I know before I formatted my server, I had AWSTATS installed, and I got hacked, luckily I had a backup and got my site back within minutes. I tightened down security and it hasn't happened since. I know that Xoops.org had the same thing happen. I guess what I am saying is that AWSTATS unpatched is a huge security risk ATM.

4
m0nty
Re: phpBB down after attack, Caution to all Xoopsers with AWSTATS
  • 2005/2/8 17:00

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


simiens crew hit xoops.org last week.. they got in thru AWSTATS aswell..

awstats has since been removed from the server and no more attacks have happened..

they did multiple sites, so it's not a phpbb problem it's a problem for any server that runs awstats.. they are just defacers and it's unlikely that they will have left any back doors, but don't quote me on that as i'm not 1 of them so i couldn't say for sure if defacement is all they do.


Quote:

The attack on the phpBB forum saw its website replaced by an image of that face of US President George Bush grafted onto the body of a baby monkey.


that didn't happen on the sites i saw defaced, but IMO gotta love that sense of humour.. altho i think they should have pasted it onto a baboons ass instead of a baby monkey.. lol

5
ewonline
Re: phpBB down after attack, Caution to all Xoopsers with AWSTATS
  • 2005/2/11 3:41

  • ewonline

  • Not too shy to talk

  • Posts: 198

  • Since: 2004/11/17


AWSTATS, the good old insecure Perl
or is it CGI

Just stick a .htaccess file in there

Order Allow,Deny
Deny from All


I still think that its due to phpBB they got hacked, but thats just me.

Whats the status on XOOPS development btw?

Login

Who's Online

431 user(s) are online (303 user(s) are browsing Support Forums)


Members: 0


Guests: 431


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits