A handful of Web sites, including the site for the popular open source bulletin board project phpBB, were recently compromised by a group apparently trying to make a political point.
A member of the phpBB team, who had been trying to post on the project’s development bulletin board, reported that the site, phpbb.com, was down. Developers were apparently locked out of the site by the hackers.
The hackers replaced the phpbb.com front page with a picture of U.S. President George Bush’s head pasted onto the body of a monkey and a message in Portuguese advocating that people use their lives to make others happy and to appreciate flowers. The hackers, calling themselves the Simiens Crew, are apparently from Brazil and were protesting against Bush.
The phpBB team posted a short message on the compromised Web page. “At present www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an open source project to push their agenda…shame on them,” the message said.
The hackers also hit several other sites that were apparently running AWStats, an open source Web site statistics generator. The phpBB team’s message said the compromise appeared to be in AWStats, and the AWStats Web site included a warning about a vulnerability in old versions that allows remote users to execute arbitrary commands on servers using AWStats. The AWStats Web site recommended that users update their AWStats version to 6.3.
In the phpBB team’s Web site message, the group said it wouldn’t comment further while it investigated the compromise. One member of the team, contacted by e-mail, referred to the Web site message, but also noted that the vulnerability had nothing to do with phpBB itself.
“Since it would be totally inappropriate in this situation to simply ‘restore’ (without investigating what happened we could simply be restoring an already vulnerable system) the box is being shipped from its data centre to our server manager,” the Web site message said. “There it will be analysed so we can confirm just what happened. Of course a full reinstall will then be performed after recovering the database. This will take some time. We are hoping to have an intermediate solution but there are no guarantees this is doable, or even worthwhile given the time frames.”