A published exploit demonstrates how to use new security holes in PHP to steal database passwords for the popular phpBB bulletin board program. The release of a working exploit on Friday, just two days after the flaws were announced, provides additional incentive for web hosts to upgrade to secure new versions of PHP.
The phpBB development team has notified users of the exploit, which was published on the BugTraq mailing list and several web sites. "This is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions," the phpBB advisory said, urging users and hosting providers to upgrade their PHP installations. Similar advice is being offered by the PHP project site, which has fixed the bugs in versions 4.3.10 and 5.0.3.
PHP, an open source server-side scripting language, is widely used to power web applications that connect with databases such as MySQL, and is commonly bundled with shared hosting accounts offered by web hosting providers. phpBB is among the web's most popular bulletin board programs, with more than 156,000 registered members of its user forum.
Comment spam attacks on Movable Type weblogs are straining servers at web hosting companies, leading some providers to disable comments on the popular blogging tool. The issues are caused by bugs in MT, forcing publisher Six Apart to recommend configuration changes while it prepares fixes.
The server load issues have affected "a number of web hosts," according to Six Apart's Jay Allen, and are "especially evident in shared hosting environments." Allen said the problems are tied to two bugs that cause Movable Type to rebuild posts even when no pages are being changed, allowing comment spam attacks to tie up server resources. Six Apart is promising a fix within 48 hours.
Comment spam, also known as link spam, is believed to boost a site's ranking in Google, which uses inbound links as a measure of a site's popularity. Spammers are using automated scripts to bombard weblogs with comments that include links to sites offering prescription drugs or porn. While weblogs on all platforms have been affected, Movable Type and its mt-comments.cgi script have become a particular target.
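A host-side check for the kind of automated comment flood described above, written as an added example for this digest rather than code from Six Apart or from Movable Type: it parses Apache-style access-log lines, keeps only POST requests to a comment script (mt-comments.cgi by default), and flags any client that sends more than a threshold of them inside a sliding time window. The log lines are constructed for illustration, and the threshold and window values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache combined-log style); not real traffic.
# 10.0.0.5 hammers the comment script, 192.0.2.10 is an ordinary commenter.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Dec/2004:10:00:01 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:03 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:04 +0000] "GET /cgi-bin/mt/mt-comments.cgi?entry_id=7 HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:05 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:07 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:09 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.5 - - [20/Dec/2004:10:00:11 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [20/Dec/2004:10:05:00 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [20/Dec/2004:10:40:00 +0000] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Dec/2004:10:41:00 +0000] "POST /index.html HTTP/1.1" 405 200 "-" "curl/7.10"
"""

# Client IP, bracketed timestamp, request line (method and path), status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['method'], m['path']


def find_comment_floods(log_text, threshold=5, window_seconds=60, script='mt-comments.cgi'):
    """Map each client IP to its largest burst of POSTs to `script` within the window.

    Only clients whose burst reaches `threshold` are returned; the numbers are
    assumed starting points, not values recommended by the vendor.
    """
    posts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        # Ignore the query string so /mt-comments.cgi?entry_id=7 still matches; GETs are page views.
        if method == 'POST' and path.split('?', 1)[0].endswith('/' + script):
            posts[ip].append(ts)

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start, best = 0, 0
        # Two-pointer sliding window: advance `start` until the span fits inside the window.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == '__main__':
    for ip, burst in find_comment_floods(SAMPLE_LOG).items():
        print(f'{ip}: {burst} comment POSTs within 60s')
```

The result is a candidate list for a rate limit or a temporary block rather than a verdict: a legitimate commenter who posts a couple of times in an hour never reaches the threshold, while a script that submits a comment every two seconds does in under a minute.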
Phishing scams are targeting domain name owners, including one that sent emails from a domain that resembles the Canadian Internet Registration Authority (CIRA) in an effort to trick registrants into providing usernames and passwords for their domain management accounts.
The CIRA warned .ca domain owners about the scam, which sends emails originating from the address firstname.lastname@example.org, rather than the group's official compliance email address, compliance at cira.ca. The use of such "look-alike" domains has become common in phishing scams targeting financial institutions. The scam email says the CIRA is "exercising our right to verify the registrant information." This tactic mimics legitimate emails sent in recent weeks by numerous registrars, who sought to verify account information ahead of an ICANN rule change.
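The look-alike test that registrants (or their mail filters) need here is simple to state: the only thing that counts is the domain the message actually comes from, not what the display name or the body claims. The following is an added example, not code from CIRA or from the article, that pulls the sender domain out of a From header and classifies it against the registry's real domain, cira.ca, which the text names. The sample addresses are constructed for illustration; the actual scam address is not reproduced on the page.

```python
from email.utils import parseaddr

# The registry's genuine domain, as given in the text.
OFFICIAL_DOMAIN = 'cira.ca'


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or None if there is none.

    parseaddr() takes the real address out of 'Display Name <user@host>', so a
    display name that itself looks like an address does not fool the check.
    """
    _, addr = parseaddr(from_header)
    if '@' not in addr:
        return None
    return addr.rsplit('@', 1)[1].lower().rstrip('.')


def classify_sender(from_header, official=OFFICIAL_DOMAIN):
    """Classify a From header as 'official', 'look-alike', 'unrelated' or 'unparseable'.

    'official' means the exact domain or a subdomain of it. A domain that merely
    carries the brand label (e.g. a constructed 'cira-registrants.example') is a
    look-alike: it resembles the registry without being under its control.
    """
    domain = sender_domain(from_header)
    if domain is None:
        return 'unparseable'
    if domain == official or domain.endswith('.' + official):
        return 'official'
    brand = official.split('.')[0]
    # Strip separators so 'c-i-r-a' style padding and 'cira.ca.example' are both caught.
    if brand in domain.replace('-', '').replace('.', ''):
        return 'look-alike'
    return 'unrelated'


if __name__ == '__main__':
    # Constructed headers; only the first is the registry's real domain.
    for header in (
        'CIRA Compliance <compliance@cira.ca>',
        'CIRA Compliance <verify@cira-registrants.example>',   # constructed look-alike
        '"compliance@cira.ca" <noreply@mail.example.net>',      # address hidden in the display name
    ):
        print(f'{classify_sender(header):12s} {header}')
```

The 'look-alike' verdict deserves a hard stop in a filter, since a genuine registry notice never arrives from a brand-named domain the registry does not own; 'unrelated' messages that nonetheless ask for account credentials are the same scam with less effort put into the sender name.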
It's been a dynamic year for the web hosting industry, as the Internet has added more than 10.9 million hostnames in 2004. The list of the year's most successful hosting companies is populated with familiar names.
Notably, the five hosting providers that gained more than 100K active sites during 2004 did so entirely through organic growth, rather than acquisitions. Leading the pack was German giant 1&1 Internet, which expanded into the American market even as it continued to gain customers in Europe. Next is The Planet, which experienced a huge year as it found a product positioning sweet spot with its customizable menus of managed services atop dedicated servers.
Top Hosting Providers By Active Site Growth, Dec 03 to Dec 04
Freenet is buying the hosting business of Teles AG, one of the world's largest with more than 1 million active sites. Freenet will pay 132 million Euros ($175.7 million) to acquire the Tect hosting brands, continuing an active consolidation of Europe's hosting industry.
The Teles hosting brands, which we group under Tect AG for measurement purposes, house more than 1.1 million active sites and 2.2 million hostnames. Freenet said it was particularly interested in Tect's success in dedicated hosting, one of the fastest-growing and most profitable sectors of the hosting business. Tect added 1,383 servers in the six-month period between April and October, growing 45 percent in that period, according to our Hosting Provider Server Count.
Last week's exploit of the SunTrust bank web site demonstrates that phishing operations are actively analyzing financial web sites for weaknesses. As phishing activity continues to escalate, e-commerce security is under scrutiny, reinforcing the need for banks and online retailers to discover security holes in their web sites, lest the phishers find them first.
The cost of a security lapse goes beyond the direct financial losses and the "headline risk" of adverse publicity, as regulators and lawmakers are paying attention as well. "As phishing attacks are indeed a potential risk, regulators examine the processes used to combat such attacks to determine if they are appropriate to the risk," said Robert Wicksell of the U.S. Office of the Comptroller of the Currency (OCC), who said banking regulators are "highly focused on this issue."
A key question is whether financial sites' defenses are adequate against known threats such as cross-site scripting, the technique used to exploit the SunTrust site. A similar weakness was found in the Bank One web site on Thursday. The incidents come five months after numerous e-commerce sites were proven vulnerable to cross-site scripting attacks by an online demo that inserted content into the web sites of MasterCard and Barclays, among others.