Home ArniesAirsoftArn's Blog phpBB and PHP critical updates

phpBB and PHP critical updates

by Arnie

I don’t often bother with such updates, but as this one has already affected some Airsoft websites in the world and is sure to affect more it needs to be posted.

PHP and phpBB are two very common software sets out on the internet these days, and recently critical updates have been released for both because of newly apparent security holes that could be exploited. Versions of PHP prior to 4.3.10 and phpBB prior to 2.0.11 are at risk. The fixes for phpBB have been out since the 4th however many websites are still running the older versions and as of yesterday the Santy.A worm started doing the rounds. This new worm is a perl script that makes use of the highlighting exploit to deface sites running the older versions of phpBB.

A cursory look on the net shows that there’s more than just a few Airsoft forums and websites out there running phpBB that are not up to date. If you are a member of a forum or reader of a website elsewhere that runs on phpBB that is not up to date (latest version for phpBB is currently 2.0.11 – normally shown in the footer the very bottom of the page) please do your local website or colleagues/friends a favour and email the webmaster/owner of that site to remind them to check and upgrade their software urgently.

Major Airsoft websites in USA and Canada have already been caught out; true a website owner should actively keep on top of their updates anyway, but at this time of year effort can somewhat lapse and people can get distracted.. well you know how it is. Help from the community will go a long way to helping stop any other needles defacements or attacks.

You may also like

Cookies are used improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More