phpBB Forum Down After Defacement
kv9 writes "The phpBB forum has been closed down after the host was cracked into, apparently because of an AWStats hole. Several blogs have been attacked using the same method. Commentary on Netcraft, The Reg and SecurityFocus."
It's not a buffer overflow, it's poor use of the open command in Perl and hideously bad security practice to allow that command's arguments to a) contain practically any arbitrary value, and furthermore b) be passed from any browser that can find the script location. But this is why we chroot jail CGI scripts and avoid stupid use of system calls.
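The open() misuse the comment above refers to, shown as an added example in Perl (this is not code from the page, from AWStats or from phpBB; the log directory, file layout and function names are hypothetical). Two-argument open() lets the string itself choose the mode, so a browser-supplied value ending in "|" turns the call into a shell pipe; the hardened version validates the parameter against an allow-list and uses three-argument open() with an explicit read mode, so a "|" in the name is just a character:

```perl
#!/usr/bin/perl
# Added example: Perl two-argument open() misuse beside a hardened version.
# Hypothetical names and paths throughout; not the AWStats or phpBB code.
use strict;
use warnings;

my $LOG_DIR = '/var/log/example';   # hypothetical directory of per-site log files

# VULNERABLE: with two arguments, open() infers the mode from the string. If $name
# ends in "|", Perl runs the rest as a shell command, so a CGI parameter becomes
# remote command execution. Kept here only for contrast; it is never called below.
sub open_log_vulnerable {
    my ($name) = @_;
    open(my $fh, "$LOG_DIR/$name") or return;   # mode decided by tainted data
    return $fh;
}

# HARDENED, step 1: accept only names matching a strict allow-list pattern.
# Rejects '/', '..', '|', NUL bytes, spaces and shell metacharacters outright.
# Returning the capture untaints the value when the script runs under perl -T.
sub safe_log_name {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return $1;
}

# HARDENED, step 2: three-argument open() with an explicit '<' mode; the filename
# can no longer change how open() behaves, whatever characters it contains.
sub open_log_safe {
    my ($name) = @_;
    my $clean = safe_log_name($name);
    return unless defined $clean;
    open(my $fh, '<', "$LOG_DIR/$clean.log") or return;
    return $fh;
}

# Constructed sample inputs standing in for a CGI query parameter.
for my $input ('www-site', '../../etc/passwd', 'x; echo injected |', "site\0.log") {
    (my $shown = $input) =~ s/\0/\\0/g;   # make the NUL visible when printed
    if (defined safe_log_name($input)) {
        print "accepted: $shown\n";
    } else {
        print "rejected: $shown\n";
    }
}
```

Only the first sample is accepted; the path traversal, the pipe and the NUL-terminated name are all rejected before any open() call is made. The allow-list check is the important part: three-argument open() removes the pipe trick, but on its own it still lets a caller read any file the script can reach, which is why the comment's point about chroot jailing CGI scripts still applies as a second layer.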