A note from Graham at phpbb… “Our system was compromised Sunday evening by a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry. I’ll repeat this very clearly since some people and worse some hosting providers are not listening to what is being said. Based on said information we do not believe, nor do we have any reason to believe, that our system was compromised due to any fault in phpBB 2.0.11.”
They had not updated their AWStats. It looks as if it had nothing to do with php or phpbb.
My question is… if someone on a shared server is using awstats, am I at risk on that same shared server?
As for your 2.0.11 phpbb, you may want to wait until phpbb is back up and running but read the ‘Anty-Santy’ thread. If my memory serves me (it’s early here) there were a few users, who, after upgrading to 2.0.11, had problems. This was due (my memory is bad) to them getting hacked prior to updating to 2.0.11, which left some vulnerabilities in the viewtopic.php and something else…