I think my WWWBoard was hacked, how so?
Short Answer: WWWBoard doesn’t have the tightest security. If you are you are using version 2.0 ALPHA 2, upgrade to ALPHA 2.1, as I fixed a couple major problems. Long Answer: WWWBoard 2.0 ALPHA 2 did not check the value of the followup field, and some people found an exploit that would clobber specific messages, or overload the size of the HTML file and fill up the disk using this exploit. This has been fixed in version 2.0 ALPHA 2.1, and can be fixed simply by finding lines 133 – 135 (in the standard distribution of ALPHA 2.0) which look like: if ($FORM{‘followup’}) { $followup = “1”; @followup_num = split(/,/,$FORM{‘followup’}); and adding the following afterwards which refuses to allow any form that has a followup number duplicated or non-numeric to be posted: # Changes based in part on information contained in BugTraq archives # message ‘WWWBoard Vulnerability’ posted by Samuel Sparling Nov-09-1998. # Also requires that each followup number is in fact a number, to # prevent messag
