
Contradictory warning from 1and1 about phpBB security vulnerability


mrken
Dec 23rd, 2004, 02:29 AM
Just got this e-mail from 1and1. My website (with 5 different bulletin boards) didn't get defaced. :cheesygri Probably not popular enough; only a visit or two a month. :lol:

Anyway, I thought 1and1 said that they expressly prohibit the use of any chat or bulletin board software on their MySQL servers. Maybe 1and1's version of phpBB doesn't use a database? :rolleyes: :razz:

Dear Mr. Gates,

In the last couple of days there has been a growing incidence of webspaces being hacked which run the popular "phpBB" forum (or bulletin-board) software. The attacks exploit a serious vulnerability in this software and the result is often that the webpages of sites running phpBB are defaced, or that programs are run using the user-rights of the customer.

**************************
Versions affected:
**************************

All versions up to 2.0.10 are affected by this vulnerability. (You can find the version number in the footer of the forums.)
Earlier versions of Typo3 also use a modification of the phpBB software.

**************************
Upgrading:
**************************

If you are using an affected version of the software (prior to 2.0.10) you should, as a matter of urgency and as quickly as possible, upgrade to the most current version, 2.0.11, found on the developers website at:
http://www.phpbb.com/downloads.php

For a Typo3 installation, using the Extension Manager, remove the phpBB extension and install the most up-to-date version.

Currently potential hackers are making targeted scans for any websites with the affected phpBB version and using automated tools to exploit the vulnerability to carry out attacks. To avoid falling victim and having your web-presence misused or defaced, you should in your own interest urgently upgrade your phpBB version.

**************************
Further Information:
**************************

For further information about the most up-to-date version of phpBB, see:
http://www.phpbb.com

For current information about this vulnerability in phpBB, see:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636
http://www.kb.cert.org/vuls/id/497400
http://www.us-cert.gov/cas/techalerts/TA04-356A.html

**************************
Additional warning:
**************************

Other PHP-based software (e.g. bulletin boards, weblogs, chatrooms) could be affected by this vulnerability. To protect yourself against such hacking exploits, you should regularly bring any such software up to date with the most current version.

If you have any queries regarding this email, please contact our expert support team for assistance.

Yours sincerely,
1&1 Internet
1and1.com
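
The notice above says the attackers find targets by scanning for the phpBB version printed in the forum footer, and that anything below 2.0.11 needs upgrading. The same check works in the other direction: a host with several boards can crawl its own sites and list which ones still advertise an affected version. The script below is an added example, not part of the original post or of 1&1's or phpBB's own code. It assumes the phpBB 2.0 footer reads "Powered by phpBB x.y.z" with "phpBB" optionally wrapped in a link; the sample footers, site names and the `fetch` helper are constructed for illustration.

```python
import re
import urllib.request
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First release the 1&1 notice tells customers to upgrade to.
FIXED_VERSION: Version = (2, 0, 11)

# phpBB 2.0.x prints "Powered by phpBB x.y.z" in the page footer, with
# "phpBB" usually wrapped in a link to phpbb.com.  The exact markup is an
# assumption here, so the pattern tolerates an optional <a> around the name.
_FOOTER_RE = re.compile(
    r"Powered\s+by\s*(?:<a[^>]*>\s*)?phpBB(?:\s*</a>)?\s*(\d+)\.(\d+)\.(\d+)",
    re.IGNORECASE | re.DOTALL,
)


def phpbb_version_from_html(html: str) -> Optional[Version]:
    """Return the (major, minor, patch) tuple from a phpBB footer, or None."""
    m = _FOOTER_RE.search(html)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True for every release below the fixed one, i.e. 2.0.10 and earlier."""
    return version < FIXED_VERSION


def classify(html: str) -> str:
    """One-line status for a fetched page: AFFECTED x.y.z, ok x.y.z, or no footer."""
    version = phpbb_version_from_html(html)
    if version is None:
        return "no phpBB version in footer"
    label = ".".join(str(n) for n in version)
    return ("AFFECTED " if is_affected(version) else "ok ") + label


def audit(pages: Dict[str, str]) -> Dict[str, str]:
    """Map each site name to its status string."""
    return {name: classify(html) for name, html in pages.items()}


def fetch(url: str, timeout: float = 10.0) -> str:
    """Download one forum index page (for live use; the demo below runs offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample footers standing in for a few hosted boards.
# None of this is real site content.
SAMPLE_PAGES: Dict[str, str] = {
    "board-one": ('<td class="copyright">Powered by <a href="http://www.phpbb.com/" '
                  'target="_phpbb" class="copyright">phpBB</a> 2.0.10 &copy; 2001, 2002 '
                  'phpBB Group</td>'),
    "board-two": ('Powered by <a href="http://www.phpbb.com/" class="copyright">phpBB</a> '
                  '2.0.11 &copy; 2001, 2002 phpBB Group'),
    "board-three": 'Powered by phpBB 2.0.4 &copy; 2001, 2002 phpBB Group',
    "brochure": '<html><body><p>Nothing to see here.</p></body></html>',
}


if __name__ == "__main__":
    # For real sites: audit({name: fetch(url) for name, url in my_sites.items()})
    for name, status in audit(SAMPLE_PAGES).items():
        print(f"{name:12s} {status}")
```

A footer check is an inventory, not proof of safety: admins sometimes strip or edit the copyright line, and a board that was already attacked stays compromised after the upgrade, so a current version number should be followed by a look at the files and accounts on any board that was ever listed as affected.
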

andjules
Jan 3rd, 2005, 11:56 PM
My guess is they probably can't tell/prevent you from installing it yourself; the server just sees PHP files and your own MySQL database.

Just have to post my vote against 1and1.com - perhaps the worst hosting provider I have ever had & definitely the worst registrar by far - I just transferred a domain from there and had to complain to InterNIC and threaten to sue them.

b0r3d
Jan 4th, 2005, 03:08 AM
Invision Board is better anyway :)

eBuddy
Jan 4th, 2005, 02:24 PM
Speaking of 1and1, has anybody been able to cancel their 3-month free trial of eShops? They require you to fax to 1-610-560-1503 with a cancellation date of 1 month later instead of letting you immediately cancel by email, online or phone. :mad: For those that have cancelled by fax, was the long-distance charge more than the $1.40 cost of mailing the form? The people that signed up in October will probably be billed starting this month.

mrken
Jan 5th, 2005, 01:34 AM
eBuddy wrote:
> Speaking of 1and1, has anybody been able to cancel their 3-month free trial of eShops? They require you to fax to 1-610-560-1503 with a cancellation date of 1 month later instead of letting you immediately cancel by email, online or phone. :mad: For those that have cancelled by fax, was the long-distance charge more than the $1.40 cost of mailing the form? The people that signed up in October will probably be billed starting this month.

Really? Never knew that! If you only need a text-only fax, then you can send it free here: http://www.tpc.int/sendfax.html

The cost of the fax depends on your LD. Say it is $0.10 a page. It should take less than 2 minutes, so under $0.20 for the fax. Plus it is instant.

I'd better cancel my preview package a year before it ends. :cheesygri