目前phpbb團隊出面澄清不是phpbb的程式漏洞目前尚因不明因素
連續有幾個大型phpbb論壇已經傳出入侵的消息
建議暫時關閉PHPBB論壇以保護伺服器
或是全面關閉檔案上傳
但在情況尚不明朗前 建議仍舊關閉檔案上傳 以策安全
引用:
--------------------------------------------------------------------------------
Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.
--------------------------------------------------------------------------------
找到詳細的技術資料後 我再給大家參考~
,我也會持續注意這件事情的動向,再次感謝ang728