Shortly after 11:00pm lastnight an exploit script was run against my phpBB forums. Having laxed on my upgrade schedule, I was only at version 2.0.6 which was vulnerable to the exploit. Stavos alerted me that anyone attempting to login to the forums was greeted with a database error. The hack created a bogus user theme and then set all users to that theme. I'm not quite sure what it was supposed to do after that, but I noticed a few user accounts on the DB I didn't recognize and quickly deleted them, then upgraded the forums to the latest version. All this was finished by 11:00am today. I'm still sorting through the logs to find the IP that ran the exploit, but I'm guessing it was a random bot that got lucky. If I'm wrong, hopefully we'll see some interesting changes on the server in the next few days.
User Comments for 10-21-2005:
iT'S jUST tHE bEGINNING aTOMICiNTERENT! Q |
Damn you Q and your shenanigans! Jon Luke Picard |