phpBB Site Cracked, Developers Locked Out

The server hosting the main site for the phpBB bulletin board has been cracked, leaving the development team locked out of its primary server. The open source project's web site was compromised using a vulnerability in a separate program, AWStats, which was announced Jan. 17 and has also been used to hack several popular weblogs in recent days.

The site blamed the intrusion on "a group of politically motivated hackers" wishing to publicize an agenda. "While the group who did this say they changed only a single password, we have lost all access to the server," the team states. "This means we cannot access the system even in single user mode." The compromised server is being shipped from the project's data center to its server manager, meaning the site is unlikely to be restored immediately.

phpBB is among the web's most popular bulletin board programs, with more than 150,000 registered members of its user forum. In recent months it has been in the news for security issues, including the defacing of numerous phpBB sites by the Santy worm and the release of code that can exploit weaknesses in PHP to steal administrative passwords for phpBB forums.

Last October the web site of another open source content management system, PostNuke, distributed hacked code for more than 32 hours before site maintainers addressed the security breach. The compromise was blamed on an insecure third-party application.
