We don't run PHP on this machine. There must be a way at the Web server level to prohibit it from writing scripts to the filesystem and then executing them. Right?? On 9/27/05, Station51 Donations <donations@xxxxxxxxxxxxx> wrote: > Hello, > > We discovered this problem on our own server quite some time ago. It was > linked to a problem with the forum software, phpBB. If you or anyone on the > server (customers etc) are running it, they should be advised to upgrade to > the latest versions. This also goes for any *Nuke software such as postnuke > and other content management systems. Their spaghetti coded and often have a > lot of security problems. Our servers are now forbidding clients to install > any nuke CMSes as well as install phpBB because we feel its simply not worth > the risk of our entire customer base. > > Someone here probably has more technical documentation about the specific > phpBB/webalizer bug I'm referring to. > > Thanks, > Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx