Speed Racer
12-22-2004, 10:53 PM
http://www.pcworld.com/news/article/0,aid,119029,00.asp
http://www.theregister.co.uk/2004/12/21/santy_worm
http://www.kaspersky.com/news?id=156681162
I see that we have 2.0.4.
Probably good to upgrade since it appears to be a vuln. in 'viewtopic.php' which we definitely use.
Regards,
Sten
A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.
The Santy worm searches for vulnerable forum sites using Google. When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by the following text string.
"This site is defaced!!!" NeverEverNoSanity
Apart from defacing infected sites with this text, the worm has no payload. It will not infect PCs used to view infected sites. F-Secure, the Finnish anti-virus firm, estimates that more than one million sites use the vulnerable phpBB software, of which tens of thousands have already been defaced. Users of phpBB are advised to update to version 2.0.11. ®
Thanks to Sten for that heads-up.
Based on what I've read, this needs to be done like, yesterday. I've downloaded the new version of phpBB2 2.0.11 and I'm reading about the upgrade. Forum is 100% backed up as of about an hour ago, so that should be fine. I'm reading about the process on the phpBB2 website right now - there goes my evening I guess. :roll:
You will notice that the forum will be on/off line this evening. Please be patient...I'm not about to lose all our info, just because some script kiddie FAG wrote a worm that exploits older versions of phpBB2.
*crosses fingers* 8)