Hack source found

The nice folks at Pipex emailed me this evening to say that they’d located the source of my website hack, from my website logs. It appears that on 9 July someone exploited a vulnerability in an old version of phpBB (I think it was 2.0.8) that was still residing on my server (albeit not being used).

The phpBB vulnerability allowed someone to upload a file (or files) to my server and execute them. I’ve no idea what they’ve been using them for: DOS attack, spamming, or just a simple site hijack?

I deleted phpBB from my server a couple of weeks ago, but too late! This evening I updated the phpBB forum on the exNYCgb website.

Published by

Gareth Saunders

I’m Gareth J M Saunders, 50 years old, 6′ 4″, father of 3 boys (including twins). Enneagram type FOUR and introvert (INFP), I am a non-stipendiary priest in the Scottish Episcopal Church, I sing with the NYCGB alumni choir, play guitar, play mahjong, write, draw and laugh… Scrum master at Safeguard Global; latterly at Sky and Vision/Cegedim. Former web architect and agile project manager at the University of St Andrews and previously warden at Agnes Blackadder Hall.

One thought on “Hack source found”

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.