An exploit has been released for a new security hole in phpBB, the popular web forum software. The attack has the potential to compromise any phpBB installation that has enabled the use of HTML in forum messages, a setting which is disabled in the default configuration. Allowing HTML in forms poses a security risk, but is popular with forum participants and thus may be activated by some web site operators. The vulnerability in version 2.0.18 was featured on security sites Monday, and exploit code is now in the wild, according to the Internet Storm Center, which noted that "an exploit has been posted in several places that will do brute force dictionary attacks to get the passwords of phpBB users." The exploit can be defended against if phpBB's "Allow HTML" and register_globals settings are both disabled.
The shared bookmarking site del.icio.us was offline Monday as it struggled to recover from a data center power outage several days earlier. The downtime at del.icio.us was the latest in a series of outages for services that are widely used by bloggers. The TypePad blog hosting service was unusable for most of Friday, while the popular web-based RSS reader BlogLines was offline Monday as it shifted equipment to a new data center operated by its parent company, Ask Jeeves.
Problems persist at the popular blog hosting service TypePad, with numerous users reporting that they are unable to access their blog management system. In addition, a number of TypePad users report that posts from the past three days have disappeared from their blogs. While TypePad-hosted sites are visible, service operator Six Apart says the TypePad blogging application is currently unavailable and describes the status of TypePad sites as "degraded." In a subsequent update Six Apart attributed the problems to a disk failure during routine maintenance which forced them to restore blogs from backups that were several days old, which accounts for the missing posts.
November 1st - 30th 2005
Hostway is the most reliable hosting company site this month, marking the third time this year that it has been on top of the performance rankings, having shared the top spot in May and September. This month also was the first time since March that a single host stood alone as most reliable.
Hostway's showing was the bright spot in a rough month for hosting reliability. Of the 50 hosting companies whose web sites we monitor, seven had outages exceeding two hours, and another 10 had measurable downtime. That included a brief (3-minute) outage for managed hosting provider Rackspace, which has led the reliability rankings six times in 2005 and had gone more than 20 straight months without a measurable outage. An outage at Go Daddy was attributed to a denial of service attack.
Three Linux sites are found in the top 10 this month, three on FreeBSD, two on Windows and one on Solaris.
The U.S. government site that tracks cyber security risks was recently found vulnerable to cross-site scripting, a technique commonly used in hacker attacks and web site spoofing. Several security sites have published a demonstration of the security hole in the web site for the National Institute of Standards and Technology (NIST), which hosts the U.S. National Vulnerability Database, which ironically includes numerous examples of cross-site scripting.
The web site for the Recording Industry Association of America (RIAA) was offline for more than five hours yesterday. The downtime for riaa.com comes on the heels of extended performance problems late last week, marked by sporadic outages and slow response times, as visible on this performance chart:
A dynamically updating graph of the site performance of riaa.com is available here.
Last year the RIAA site experienced monthly outages coinciding with scheduled denial-of-service attacks by computers compromised by the MyDoom.F virus. The RIAA site has a history of outages related to DDoS attacks (including extended downtime in July 2002 and January 2003) and has frequently been defaced.