Client website Hacked!

One of my web hosting clients, Informatics Computer Institute – Commonwealth, Philippines, has an online forum that no one barely talks in it, most of the time me since it is a computer school website and is interested to talk about computer stuff but people barely talk. Anyway, they run phpBB, and we already know in the past history of phpBB, Invision Power board, SMF Forums, VBulletin and all these other message boards, I think the most times I heard a board be hacked, I think I have only heard this happen on phpBB. Check the forum if they are still in the hack mode on the Informatics website.

I simply looked at the source, does not look anything high-tech. It was just a posting with HTML code, a big div tag, a large width and height, with a high z-index, colored it black and it is done. Looks valid to be done on anything with HTML input allowed with no restriction on the kinds of tags. I guess that is all what phpBB needs to work on, the type of HTML tags allowed.