just got hacked!!!

  • JPT62089
    Senior Member
    • Jun 2004
    • 779
    • 3.6.x

    just got hacked!!!

    Hey, I just got hacked!!! All of my files were changed to this:

    This site is defaced!!!

    NeverEverNoSanity WebWorm generation 11.
    What caused this? Do any of you know?
    http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73981

    #2
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API


    • Scott MacVicar
      Former vBulletin Developer
      • Dec 2000
      • 13286

      #3
      Means a phpBB installed somewhere on your server was hacked.
      Scott MacVicar

      My Blog | Twitter


      • Floris
        Senior Member
        • Dec 2001
        • 37767

        #4
        Do you run phpBB alongside your vBulletin installation?


        • JPT62089
          Senior Member
          • Jun 2004
          • 779
          • 3.6.x

          #5
          Yes, one of my friends runs php on my account... I just upgraded phpBB. Also, my host had a backup, so I am back to normal, and if this happens again I am saying goodbye to my friend's site.

          Thanks for the info!
          http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.


          • MGM
            Senior Member
            • Aug 2002
            • 3653
            • 3.6.x

            #6
            Originally posted by JPT62089
            Yes, one of my friends runs php on my account... I just upgraded phpBB. Also, my host had a backup, so I am back to normal, and if this happens again I am saying goodbye to my friend's site.

            Thanks for the info!
            I'd shut it down and remove the files temporarily until phpBB fixes this... or did they already? Seeing as how you said you updated it already, they might have fixed it.

            MGM out


            • Matthew Gordon
              Senior Member
              • May 2002
              • 3243
              • 1.1.x

              #7
              I don't follow phpBB, but apparently it was fixed in November with 2.0.11.


              • JPT62089
                Senior Member
                • Jun 2004
                • 779
                • 3.6.x

                #8
                yup it is now running on phpbb 2.0.11 so I should be safe for a bit lol
                http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.


                • AWS
                  Senior Member
                  • Apr 2000
                  • 1830
                  • 5.2.x

                  #9
                  The exploit uses a hole in php. It just so happens the worm targets phpbb installs. It probably won't be long before they target other forum software.
                  Time to upgrade php everyone if you haven't already.
                  Admins Zone - Resources for Forum Administrators


                  • akiy
                    Senior Member
                    • Apr 2000
                    • 157

                    #10
                    Originally posted by AWS
                    The exploit uses a hole in php.
                    Actually, it uses a bug that was in phpBB's "highlight" function, not the serialize/unserialize bug that was recently announced for php.

                    From http://isc.sans.org/diary.php?date=2004-12-21:

                    "As part of our first post on this, we speculated that the worm may be using one of the recent problems in php to spread. After getting a hold of the code, it turned out that it is specific to phpBB and only uses the highlight vulnerability in phpBB."
                    Time to upgrade php everyone if you haven't already.
                    A good idea, in any case.
                    AikiWeb Aikido Information


                    • AWS
                      Senior Member
                      • Apr 2000
                      • 1830
                      • 5.2.x

                      #11
                      I just read The Reg and saw it was a phpbb exploit and not a php exploit that was reported last night.
                      In any case exploiting security holes in forum software just took a turn for the worse.
                      Admins Zone - Resources for Forum Administrators


                      • Floris
                        Senior Member
                        • Dec 2001
                        • 37767

                        #12
                        Originally posted by AWS
                        I just read The Reg and saw it was a phpbb exploit and not a php exploit that was reported last night.
                        In any case exploiting security holes in forum software just took a turn for the worse.
                        The exploit is so serious that you give remote access to do whatever you want on the shell, for example edit, replace and remove files, which is exactly what this worm did.
                        It is a worm because it used Google to spider for phpBB-powered sites and then exploited them.


                        • Scott MacVicar
                          Former vBulletin Developer
                          • Dec 2000
                          • 13286

                          #13
                          vBulletin had these holes once upon a time too, but we sorted ours several years ago in the 2.0.0 beta series in 2001.
                          Scott MacVicar

                          My Blog | Twitter


                          • AWS
                            Senior Member
                            • Apr 2000
                            • 1830
                            • 5.2.x

                            #14
                            Originally posted by Scott MacVicar
                            vBulletin had these holes once upon a time too, but we sorted ours several years ago in the 2.0.0 beta series in 2001.
                            Do you have a security audit done on the code before major releases?
                            Admins Zone - Resources for Forum Administrators


                            • Colin F
                              Senior Member
                              • May 2004
                              • 17689

                              #15
                              I think I remember reading something about this long ago, and if I recall correctly this was the case (then).

                              No idea how it's handled now...



                              (then again I might be wrong)
                              Best Regards
                              Colin Frei

                              Please don't contact me per PM.
