Following the White Rabbit Blog : phphttp://www.communities.hp.com/securitysoftware/blogs/rafal/archive/tags/php/default.aspxTags: phpenCommunityServer 2008.5 SP1 (Build: 31106.3070)News Flash: phpBB Massive Hackhttp://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2008/05/13/News-Flash_3A00_-phpBB-Massive-Hack.aspxTue, 13 May 2008 15:42:00 GMT94bda21f-7d63-4095-85de-7c2a68fb172c:77204Rafal Los3<p>ComputerWorld is running <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9084991&amp;source=NLT_PM&amp;nlid=8" title="ComputerWorld Article (phpBB Hacks)">an article</a> from Paul Ferguson of TrendMicro claiming that there is a massive hack going on as you read this - via the phpBB bulletin-board software.&nbsp; Truth be told, phpBB has been known to be bug-ridden over the years (simply Google &quot;phpBB vulnerability&quot; and you&#39;ll get more than you wanted) but I believe that these have come to a boiling point now.&nbsp; If it&#39;s actually true, the number of site that was hacked stands at ~500,000, it would point to a massive problem within phpBB&#39;s code which likley hasn&#39;t been disclosed yet.</p> <p>What worries me is not that these sites are being hacked (because this is a &quot;normal&quot; occurrence these days) but that they&#39;re increasingly effective.&nbsp; While a half-million web sites being broken into isn&#39;t something to sound the alarm over - and this is truly a sad commentary on the state of web security today - the precision and effectiveness of these types of attacks is scary.&nbsp; Furthermore, the &quot;drive-by&quot; installations of malware, trojans and other unwanted stuff on your computer is the stuff that security managers worry about at night.&nbsp; Just think of the amount of data that a half-million key loggers can pull?&nbsp; Think of the potential fallout of having to re-load (because cleaning isn&#39;t possible most of the time) every machine at your office... the possibility boggles the mind.</p> <p>What comes out in incidents like this, and sadly people still do not understand, is that an insecure web application/site does more than just possibly damage the host.&nbsp; A vulnerable site leaves its visitors vulnerable, which sets off a chain of reactions that resonates back into the CISO&#39;s office at any company that allows its users to browse the Internet.&nbsp; More on this in a future post.</p> <p>While I know it&#39;s rather un-common to have a php-facing application like this in an entierprise - it&#39;s definitely not impossible so I felt like I needed to notify and warn you readers.&nbsp; More as information comes in... if it comes in.</p><div style="clear:both;"></div><img src="http://www.communities.hp.com/securitysoftware/aggbug.aspx?PostID=77204" width="1" height="1">phpBBhackphp