Web Hosting Forum | Lunarpages

Author Topic: PHP/PHPbb Exploits  (Read 5817 times)

Offline Admin

  • Über Jedi
  • *****
  • Posts: 2530
    • Lunarpages Web Hosting
PHP/PHPbb Exploits
« on: December 21, 2004, 11:35:43 AM »
The following is being sent to all customers:

Hello,

Lunarpages wants to clarify some confusion regarding current exploits involving PHP and PHPbb.  

Recently we emailed all customers notifying them to make sure to upgrade their PHPbb (a third party application bulletin board) to the latest version as there are known, serious exploits on any version lower that 2.0.11. This must be done.  We are seeing many customers who are having problems with their boards getting hacked because they have not upgraded.  Please see the following articles for more information on this:  http://www.kaspersky.com/news?id=156681162 or http://www.phpbb.com/phpBB/viewtopic.php?t=248811&highlight=worm.  

Also, there is a known exploit in PHP itself (the programming language).  Lunarpages is diligently working to upgrade all servers to the latest version of PHP and Zend Optimizer.  We are upgrading to PHP version 4.3.10 and Zend Optimizer to cversion 2.5.7.  These are completely separate issues.  Just upgrading PHP on the servers to the current version will not fix exploits in PHPbb.  We have yet to see any serious issues regarding the PHP exploit however; we will still ensure we have the latest, most secure version available.

PHPbb boards running versions less than 2.0.11 must be upgraded.  It is imperative that this email is not ignored and that all customers who run a PHPbb board upgrade immediately to protect the integrity of their site.  

Please note that it is your responsibility to keep current backups of your site and that you should always back up your site before any major change.  Lunarpages can supply a backup to you.  However, restoring a site is charged at $75.00 per hour.  To get a quote for this or for questions or concerns regarding this email, please contact support@lunarpages.com.

Thank you for your immediate attention to this matter.

Lunarpages Support

 

Share |