In case you weren’t aware, phpBB.com was breached using an exploit in phpList. Here is a quick and very dirty ModSecurity rule to protect your servers while you get phpList updated.
# ModSecurity 2.x allows only one disruptive action per rule, so "deny" is kept and the
# redirect is dropped; the id (an arbitrary local value) and phase are added because
# current releases require an id and request arguments are complete in phase 2.
SecRule ARGS_NAMES "ConfigFile" "id:900001,phase:2,log,auditlog,deny"
Anyone passing the argument ConfigFile via the URL needs shooting >.<
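As an added example (not part of the original post), here is a small Python script that applies the same check to Apache combined-format access-log lines, so you can hunt existing logs for requests that carried a ConfigFile argument before the rule went in. The log lines are constructed samples; the script mirrors ModSecurity's URL-decoding of argument names before matching ARGS_NAMES, which a plain text search for "ConfigFile" would not do.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Same pattern as the SecRule: matched against request argument *names*,
# not values, after URL-decoding (ModSecurity decodes ARGS_NAMES for you).
ARG_NAME_RE = re.compile(r"ConfigFile")

# Apache combined log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def request_arg_names(target):
    """Return the decoded query-argument names of a request target."""
    query = urlsplit(target).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)]


def rule_matches(target):
    """True if any argument name matches, as the SecRule would fire."""
    return any(ARG_NAME_RE.search(name) for name in request_arg_names(target))


def suspicious_requests(lines):
    """Return (client_ip, request_target) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and rule_matches(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2009:10:12:01 +0000] "GET /lists/admin/?page=home HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [06/Feb/2009:10:12:07 +0000] "GET /lists/admin/?ConfigFile=PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/7.19"',
    '203.0.113.9 - - [06/Feb/2009:10:12:09 +0000] "GET /lists/admin/?%43onfigFile=PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/7.19"',
    '198.51.100.2 - - [06/Feb/2009:10:13:00 +0000] "GET /lists/?page=ConfigFile HTTP/1.1" 404 220 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {target}")
```

The last sample line has ConfigFile only as a value, not a name, so neither the SecRule nor this script flags it; the percent-encoded name on the third line is decoded and still matched.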
Please note that the fix phpList has released addresses this particular problem but does not fix its underlying cause.
http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/