UGN Security Forums UGN Security: Underground News Technology phpBB.com defaced

The popular phpBB forum has been taken offline after hackers cracked into its server and defaced its website yesterday. The open source project's website was attacked using a vulnerability in a package called AWStats announced 17 January. The same exploit has also been used to attack several popular weblogs in recent days, Netcraft reports.

phpBB has been a target for attack before. In December 2004 malware authors created a worm that attacked web servers running the popular phpBB discussion forum software to deface vulnerable systems. The Santy worm hit thousands of sites.
SOURCE

I love the message on pnphpbb.com right now about them having their own server; last i checked they didn't heh...

Additionaly, the error with awstats was fixed in 6.3, their fault for not upgrading... Speaking of which, time for me to upgrade a few sites...

Also, from the AWStats homepage:
If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.

I don't even KNOW ANYONE who would like to allow their users to update their webstats at will... their own fault