Rich Miller reported at Netcraft that some web hosts are banning the use of phpBB in the wake of persistent security problems for the popular open source web forum program. The move follows renewed attacks on phpBB after a software update mistakenly reintroduced a coding error that enabled a December worm attack that defaced thousands of phpBB sites.
The latest security incident involved the restoration of a security flaw in a file called viewtopic.php, which was fixed in version 2.0.12 but apparently reintroduced in updated code for version 2.0.15. A fix is included in a new update of phpBB, which has had persistent security problems in recent months. But the reinstallation of the security flaw was problematic, as exploit code for the viewtopic.php hole is widely available on the Internet.