12-25-2004, 03:19 PM
|
|
Web Hosting Master
|
|
Join Date: Apr 2003
Location: NC
Posts: 2,911
|
|
new phpBB worm effects ALL versions
http://www.securityfocus.com/archive...2/2004-12-28/0
Apparently the new version will work with any version of phpBB even 2.0.11. It also includes irc code to connect to a server, probably for a botnet.
They are still using the code for highlighting to get in.
|
12-25-2004, 03:23 PM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,591
|
|
Heh if this is real im going to laugh at all the people that patched patched patched instead of securing their server  Told you patching was bad. However i have my doubts of it working...I'll check it shortly.
|
12-25-2004, 03:49 PM
|
|
Junior Guru
|
|
Join Date: Jul 2002
Posts: 206
|
|
phpbb is starting to be a pain to deal with all the holes.
__________________
Cooper.
FlamesBurn.com
|
12-25-2004, 04:01 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Feb 2003
Posts: 543
|
|
|
12-25-2004, 04:19 PM
|
|
Linux Guru
|
|
Join Date: Mar 2004
Location: Odessa, Ukraine
Posts: 604
|
|
LOL, old hole!
Just disable system() fuction in php.ini and frogot about this "worm" 
|
12-25-2004, 04:20 PM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,591
|
|
Quote:
Originally posted by andreyka
LOL, old hole!
Just disable system() fuction in php.ini and frogot about this "worm"
|
Hah your funny... Passthru, exec, shell_exec, open can all be used in the exploit. Also disabling the functions is not feasable on some servers.
|
12-25-2004, 04:26 PM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,591
|
|
http://www.k-otik.com/exploits/20041225.SantyC.php
Quote:
|
This script uses Google to find vulnerable *.php pages to a file inclusion flaw (See - PHP Secure Prog.)
|
So any vulnerable php that had a file include exploit is vulnerable.... example phpnuke
|
12-25-2004, 04:34 PM
|
|
Linux Guru
|
|
Join Date: Mar 2004
Location: Odessa, Ukraine
Posts: 604
|
|
Quote:
Originally posted by thelinuxguy
Hah your funny... Passthru, exec, shell_exec, open can all be used in the exploit. Also disabling the functions is not feasable on some servers.
|
Well, for shared hostings disablie this functions as well, from some servers... mod_security can help
|
12-25-2004, 04:35 PM
|
|
Web Hosting Guru
|
|
Join Date: May 2003
Location: Virginia
Posts: 299
|
|
Quote:
Originally posted by flamesburn
phpbb is starting to be a pain to deal with all the holes.
|
Starting to be a pain?
|
12-25-2004, 04:37 PM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,591
|
|
Quote:
Originally posted by andreyka
Well, for shared hostings disablie this functions as well, from some servers... mod_security can help
|
There is other things you can do with out disabling those functions.
|
12-25-2004, 06:42 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2004
Posts: 40
|
|
I got attacked by Shellbot before Sanity ... Sanity hit me, but i had disabled sites with phpbb already.
Still not quite sure how shellbot is infecting my box, unless it uses HTTP-POST instead of GET. I can not find it in the logs.
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
