I think my WWWBoard was hacked, how so?

WWWBoard 2.0 ALPHA 2 had a vulnerability in the followup field that could clobber messages or fill disk space. Upgrade to ALPHA 2.1 or apply the security patch. Also protect passwd.txt from dictionary attacks.

WWWBoard Security - Hacking Prevention FAQ #5

Short Answer

WWWBoard doesn't have the tightest security. If you're using version 2.0 ALPHA 2, upgrade to ALPHA 2.1 to fix major security problems.

Long Answer

The Followup Exploit

WWWBoard 2.0 ALPHA 2 did not validate the followup field. Attackers could:

Clobber specific messages
Overload HTML file sizes and fill up disk space

Security Fix

Find lines 133-135 in the standard distribution (ALPHA 2.0):

if ($FORM{'followup'}) {
   $followup = "1";
   @followup_num = split(/,/,$FORM{'followup'});

Add the following code after those lines:

# Changes based in part on information contained in BugTraq archives
# message 'WWWBoard Vulnerability' posted by Samuel Sparling Nov-09-1998.
# Also requires that each followup number is in fact a number, to
# prevent message clobbering.

local(%fcheck);
foreach $fn (@followup_num) {
   if ($fn !~ /^\d+$/ || $fcheck{$fn}) { &error('followup_data'); }
   $fcheck{$fn} = 1;
}
@followup_num = keys %fcheck;

Password Dictionary Attacks

Another common attack is dictionary attacks against the well-known location of passwd.txt.

Protection Tips

Choose a strong password (not a dictionary word)
Move passwd.txt to a non-standard location
Update the filename in wwwadmin.pl accordingly
Consider placing the file outside the web root

Historical Context

This vulnerability was documented in the BugTraq security mailing list archives, posted by Samuel Sparling on November 9, 1998. It represents an important lesson in CGI security: always validate user input, especially when it affects file operations.