Political hackers compromise phpBB site

A handful of Web sites, including the site for the popular open source bulletin board project phpBB, were recently compromised by a group apparently trying to make a political point.

A member of the phpBB team, who had been trying to post on the project’s development bulletin board, reported that the site, phpbb.com, was down. Developers were apparently locked out of the site by the hackers.

The hackers replaced the phpbb.com front page with a picture of U.S. President George Bush’s head pasted onto the body of a monkey and a message in Portuguese advocating that people use their lives to make others happy and to appreciate flowers. The hackers, calling themselves the Simiens Crew, are apparently from Brazil and were protesting against Bush.

The phpBB team posted a short message on the compromised Web page. “At present www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an open source project to push their agenda…shame on them,” the message said.

The hackers also hit several other sites apparently using AWStats, an open source Web site statistics generator. The phpBB team’s message said the compromise appeared to be in AWStats, and the AWStats Web site included a warning about a vulnerability in old versions that allows remote users to execute arbitrary commands on servers using AWStats. The AWStats Web site recommended users update their AWStats version to 6.3.

In the phpBB team’s Web site message, the group said it wouldn’t comment further while it investigates the compromise. One member of the team, contacted by e-mail, referred to the Web site message, but also noted the vulnerability had nothing to do with phpBB itself.

“Since it would be totally inappropriate in this situation to simply ‘restore’ (without investigating what happened we could simply be restoring an already vulnerable system) the box is being shipped from its data centre to our server manager,” the Web site message said. “There it will be analysed so we can confirm just what happened. Of course a full reinstall will then be performed after recovering the database. This will take some time. We are hoping to have an intermediate solution but there are no guarantees this is doable, or even worthwhile given the time frames.”

Quick Link: 050541

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now