With the escalating tide of targeted website attacks, server administrators and webmasters would be well advised to examine their logs to predict, prevent and interdict enemy attacks. These attacks can come in a variety of forms, but aside from cross-site javascript attacks, the most prevalent in the second quarter of 2008 are PHP and SQL injection attacks targeting vulnerable systems and websites. The more common attacks appear to be targeted at websites using open source platforms and forums such as WordPress and phpBB.

While WordPress and phpBB may be targeted because of their wide use and the fact that hackers can view the code and thus experiment with a variety of hacking techniques until finding one that works, no website running SSIís with database backends should be considered safe. But WordPress and phpBB users running older unpatched versions of the products and websites accepting unvalidated variables are at the most risk.

Read entire article here...