Phpbb hacked through phpList?

Discussion about the phpList community

Phpbb hacked through phpList?

Postby IG88 » 11:48pm, Sat 07 Feb, 2009

What happened to the phpbb site?


Maintenance

We are sorry to report that we have been attacked through a 0-day-exploit in our PHPList installation (responsible for the mailing list about new releases). phpBB will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.


– the phpBB team
IG88
phpLister
 
Posts: 5
Joined: 9:59pm, Tue 27 Jan, 2009

Postby H2B2 » 1:40am, Sun 08 Feb, 2009

Yes, apparently they where hacked:
As you may already be aware from the message on phpBB.com or the topic in the #phpBB channel on Freenode, we have recently been attacked via a vulnerability in an outdated PHPList installation. The initial attack was performed well before a new version of the software was released or a patch provided. It is important to stress that no vulnerabilities have been found in the phpBB software itself.
Source: http://area51.phpbb.com/phpBB/viewtopic.php?f=3&t=29973
[Note: "outdated" in this citation is stressed by me]

This occurrence is being discussed here: http://area51.phpbb.com/phpBB/viewtopic.php?f=3&t=29974


This again underlines the importance of upgrading to the latest security update, currently phplist v2.10.9
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006


Return to Community

Who is online

Users browsing this forum: No registered users and 2 guests