Announcement

Collapse
No announcement yet.

phpBB Worm: Santy.A

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Sorry Zach - didn't know it had already been posted.

    Comment


    • #17
      Im confused. From what Ive read this targets phpBB forums. I got hit with this last night, but I run vBulletin.

      My newreply.php and newthread.php files were replaced with the "This site is defaced" message.

      Im running version 2.3.0.

      Any ideas? If there are phpBB forums on the same server as me do you think that could have done it?

      Comment


      • #18
        Originally posted by blazin
        Im confused. From what Ive read this targets phpBB forums. I got hit with this last night, but I run vBulletin.

        My newreply.php and newthread.php files were replaced with the "This site is defaced" message.

        Im running version 2.3.0.

        Any ideas? If there are phpBB forums on the same server as me do you think that could have done it?
        Yes. See this post on Slashdot:

        http://it.slashdot.org/comments.pl?s...3&cid=11153278
        AikiWeb Aikido Information

        Comment


        • #19
          there are other phpBB installations, none of them seem affected. For some reason the two files I lost that had writable permissions.

          I talked with my ISP about this, he says that there is no way that a phpBB vulernability could affect non-phpBB forums, or any other files on the server for that matter, because they couldnt get thru apache - and if they did that would be a bigger exploit with apache. I dont know enough about it to argue.

          Thoughts?

          Comment


          • #20
            If phpBB is run, it will exploit through that. .. trying to replace files and delete and stuff. Each account has different file setup and could be it deletes vB or IPB or any software files instead .. It is not a vBulletin issue.

            Comment


            • #21
              NeverEverNoSanity WebWorm

              It doesn't directly affect vbulletin but it does hit the server using PHP. My site is down because of this worm. None of my files have changed on the site but any and all php files are redirected to the "This site is defaced" page. My generation is 17. The host knows of the problem and is installing the newest version of PHP on their servers. They have thousands of servers to address so hopefully they will be getting to mine soon.

              Comment


              • #22
                Announcement
                http://www.vbulletin.com/forum/showthread.php?t=124008

                Comment


                • #23
                  This worm affects webservers using the vulnerable versions of PHP and phpBB. Even if your site DOES NOT run phpBB, but if someone eles's site does (shared host), your site is vulnerable.



                  What's going on: - It's looking for URLs containing "viewtopic.php" via Google
                  - via the highlight exploit they use system() and fwrite() calls to place the worm code somewhere on the file system
                  - php, htm files (and others) are overwritten in all directories accessible from the web root.

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X