Sorry Zach - didn't know it had already been posted.
phpBB Worm: Santy.A
Collapse
X
-
-
Im confused. From what Ive read this targets phpBB forums. I got hit with this last night, but I run vBulletin.
My newreply.php and newthread.php files were replaced with the "This site is defaced" message.
Im running version 2.3.0.
Any ideas? If there are phpBB forums on the same server as me do you think that could have done it?Comment
-
Originally posted by blazinIm confused. From what Ive read this targets phpBB forums. I got hit with this last night, but I run vBulletin.
My newreply.php and newthread.php files were replaced with the "This site is defaced" message.
Im running version 2.3.0.
Any ideas? If there are phpBB forums on the same server as me do you think that could have done it?
Yes and no. It will protect your boards from being targeted by the Google component of the worm. However, if your boards are running on a shared server, and someone else has a vulnerable version of phpBB installed on their space, you could still be vulnerable. The worm is designed to poke around onc...Comment
-
there are other phpBB installations, none of them seem affected. For some reason the two files I lost that had writable permissions.
I talked with my ISP about this, he says that there is no way that a phpBB vulernability could affect non-phpBB forums, or any other files on the server for that matter, because they couldnt get thru apache - and if they did that would be a bigger exploit with apache. I dont know enough about it to argue.
Thoughts?Comment
-
NeverEverNoSanity WebWorm
It doesn't directly affect vbulletin but it does hit the server using PHP. My site is down because of this worm. None of my files have changed on the site but any and all php files are redirected to the "This site is defaced" page. My generation is 17. The host knows of the problem and is installing the newest version of PHP on their servers. They have thousands of servers to address so hopefully they will be getting to mine soon.Comment
-
-
This worm affects webservers using the vulnerable versions of PHP and phpBB. Even if your site DOES NOT run phpBB, but if someone eles's site does (shared host), your site is vulnerable.
What's going on: - It's looking for URLs containing "viewtopic.php" via Google
- via the highlight exploit they use system() and fwrite() calls to place the worm code somewhere on the file system
- php, htm files (and others) are overwritten in all directories accessible from the web root.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment