phpBB Site Cracked, Developers Locked Out
8th February, 2005
The phpBB.com site blamed the intrusion on "a group of politically motivated hackers" wishing to publicize an agenda. "While the group who did this say they changed only a single password, we have lost all access to the server, " the phpBB.com team states. "This means we cannot access the system even in single user mode." The compromised server is being shipped from the project's data center to its server manager, meaning the site is unlikely to be restored immediately.
phpBB is among the web's most popular bulletin board programs, with more than 150,000 registered members of its user forum. In recent months it has been in the news for security issues, including the defacing of numerous phpBB sites by the Santy worm and the release of code that can exploit weaknesses in PHP to steal administrative passwords for phpBB forums.
Last October the web site of another open source content management system, PostNuke, distributed hacked code for more than 32 hours before site maintainers addressed the security breach. The compromise was b;amed on an insecure third-party application.
The Netcraft Network Examination is an automated vulnerability test of Internet-connected networks which checks for new security vulnerabilities and configuration errors caused by system and network maintenance.