Missy Koos wrote:
> Hi, everyone!
>
> This is more of a web server thing, but I figure some people are maintaining
> web servers too, so...
>
> Is anyone else running phpBB?
> I've been noticing some odd activity that I think may be a spamming exploit
> in the profile.php, but I wanted to see if there is anyone else noticing
> people setting up bogus accounts on forums. The mail from their account
> creation bounces back and most of them are less than tasteful account names.
>
> In this I've found that if the profile.php within phpBB cannot find URL
> variables then it looks for form variables, which in turn makes it very
> vulnerable to XSS (Cross Site Scripting) attacks. I haven't found any
> particular exploits or known vulnerabilities that do exactly what I'm seeing,
> which is why I think it may be a form of spam exploit. Or just naughty
> people trying to use my server to infect people using the avatar exploit
> that also exists in profile.php.
>
> Anyway, is anyone else seeing odd mail bounce-backs from bogus accounts or
> profile.php showing up in the logs with no URL variables attached?

http://www.php.net/security-note.php

dpk
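For anyone who wants to answer Missy's last question on their own server, the quickest check is the access log: count the profile.php requests that arrive with no query string at all, since phpBB normally drives that script with ?mode=... and a bare hit means the parameters (if any) came only in a POST body. The script below is an added example for this thread, not code from phpBB or from either poster. It parses Apache combined-format lines (the sample lines are constructed for illustration, not real traffic) and tallies bare profile.php requests per client IP, noting how many were body-only POSTs and how many carried no Referer. Both heuristics are assumptions of mine; they point at things to look at, not proof of abuse.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# NCSA combined log format, the usual Apache default on a phpBB host.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>HTTP/[\d.]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines for this example only; they are not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2005:10:01:12 -0500] "GET /forum/profile.php?mode=viewprofile&u=42 HTTP/1.1" 200 5120 "http://example.org/forum/viewtopic.php?t=7" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2005:10:01:40 -0500] "POST /forum/profile.php HTTP/1.0" 200 3310 "-" "-"
203.0.113.9 - - [12/Mar/2005:10:02:03 -0500] "GET /forum/profile.php?mode=register HTTP/1.1" 200 6400 "http://example.org/forum/index.php" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2005:10:02:05 -0500] "POST /forum/profile.php HTTP/1.0" 200 3312 "-" "-"
198.51.100.7 - - [12/Mar/2005:10:02:09 -0500] "GET /forum/profile.php HTTP/1.0" 302 0 "-" "-"
192.0.2.33 - - [12/Mar/2005:10:03:44 -0500] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2005:10:04:10 -0500] "POST /forum/profile.php?mode=register&agreed=true HTTP/1.1" 200 4100 "http://example.org/forum/profile.php?mode=register" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path      # e.g. /forum/profile.php
    rec["query"] = parts.query    # "" when no URL variables were sent
    return rec


def bare_profile_hits(log_text):
    """Requests for profile.php that carry no query string at all.

    A normal phpBB visit to profile.php has ?mode=... on the URL; a bare hit
    means any parameters were sent only as form variables in the body.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].endswith("/profile.php") and rec["query"] == "":
            hits.append(rec)
    return hits


def summarize(hits):
    """Per-IP tally plus two heuristics (assumptions, not rules):
    - body_only_posts: POSTs with nothing on the URL, i.e. submissions that
      bypassed the normal ?mode=... link a browser would follow;
    - no_referer: a browser submitting the real form usually sends a Referer,
      a script posting directly often does not.
    """
    return {
        "by_ip": Counter(h["ip"] for h in hits),
        "body_only_posts": sum(1 for h in hits if h["method"] == "POST"),
        "no_referer": sum(1 for h in hits if h["referer"] == "-"),
    }


if __name__ == "__main__":
    found = bare_profile_hits(SAMPLE_LOG)
    report = summarize(found)
    for ip, n in report["by_ip"].most_common():
        print(f"{ip}: {n} bare profile.php hit(s)")
    print(f"body-only POSTs: {report['body_only_posts']}, "
          f"no Referer: {report['no_referer']}")
```

Run it against a real access_log by replacing SAMPLE_LOG with the file contents; an IP that shows up repeatedly with body-only POSTs and no Referer, around the same time the bogus accounts were created, is the one to compare against the account-creation bounce messages.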