Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mass Website Hack Compromises 200,000 Sites

Posted by Zonk on from the that-is-a-lot-of-angry-pr0n-bots dept.

Stony Stevenson writes "Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack."

2 of 153 comments (clear)

  1. why this happens by ILuvRamen · · Score: 5, Interesting

    My old phpBB forum got hacked. Wanna know why? Cuz I used the auto-installing plugin that my host provided. It was about 20 versions behind and they NEVER updated it. So it had a gaping security hole in it. And guess what else! I couldn't patch it because it was considered some sort of embedded plugin that I couldn't tocuh the system files of. I had to install a fresh, updated version and phpBB and then copy the database over AND alter the database manually to reflect all the changes between between versions, which was a major pain in the ass. Needless to say I was pissed. Oh and I tried to sue/have arrested those Zone-H assholes that posted it like it was some sort of trophy case but apparently they're not hosted in the US so I dropped it. I would be willing to guess that every single hack was because of outdated phpBB quick installs like ipowerweb makes available on their servers.

    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
  2. I'm running phpBB by HangingChad · · Score: 5, Interesting

    But I've made some modifications to my install. I replaced the registration and profile pages with a web form that posts to an Email parser. There was a lot of activity the last few days, spam registrations out the yang.

    It's funny because to them it looks like the registration page and they keep running scripts against it. I block the IP ranges of the spam registrations at the boundary but they just keep block hopping.

    They'll still get a script reg through sometimes, so there's something I'm missing. I could just install the security updates but it's so much more fun to try and tweak it myself.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage