phpBB users, worm spreading

[SagaLore]

phpBB Worm: Net-Worm.Perl.Santy.a

A worm is infecting all of the web files on phpBB boards by using an exploit in older versions. It defaces the site and then uses the site to infect the next target.

 

[BCYL]

Thanks for the heads up...

 

[FoBoT]

worms are yummy

 

[slightlyhuman]

i guess this is what happened to my css clan site? here

 

Thanks for the heads up, just upgraded.

 

[SagaLore]

Can we get a sticky? I'm sure there are a lot of people here using phpBB.

 

[simms]

SPCR got hit by this... phpBB is being hit badly with all these exploits.

 

[fergiboy]

I think this is a problem with phpBB and not a problem with PHP itself. Seems like the people over at phpBB have a big mess on their hands. I have always been a big advocate of PHP but this worm shows why PHP can never be used in high priority applications. PHP allows the programmer too much freedom.

More info

 

[DeviousTrap]

I'm wondering what my users will think if I automatically update all phpbb installations on the server

 

[Beau]

Thanks for the heads up. Just upgraded.

 

[Beau]

Originally posted by: fergiboyPHP allows the programmer too much freedom.

This is one of the major STRENGTHS of PHP. Poor coding techniques and lack of propper testing is not the fault of the technology.

 

[Mr N8]

If you haven't been hit yet, your lucky. I think this was exploited, starting the last week of November.

Edit:
Nevermind, just a similar problem. Carry on.

 

[Silverbullet28]

Bump to spread the word.

 

[Conky]

Originally posted by: DeviousTrap
I'm wondering what my users will think if I automatically update all phpbb installations on the server

Well, it will blow out their hacks and other added templates and cause an error if they have the default style set to one of those added templates.

I just updated a client/friends phpbb for him and that's what I ran into.

 

[Mill]

Yep......

 

[olds]

Can't upgrade....
phpBB 2.0.11 Setup
We are upgrading in /home/oldsmobo/public_html/forums... Upgrade script is missing. Upgrade failed, you may have reached your disk quota!

 

[DeviousTrap]

Originally posted by: Crazyfool

Originally posted by: DeviousTrap
I'm wondering what my users will think if I automatically update all phpbb installations on the server

Well, it will blow out their hacks and other added templates and cause an error if they have the default style set to one of those added templates.

I just updated a client/friends phpbb for him and that's what I ran into.

Yup, just found that out after some research. I also found that its not really a danger to the server security in general so I'll send out a message to clients and let them deal with it themselves.

 

[SagaLore]

Originally posted by: DeviousTrap

Originally posted by: Crazyfool

Originally posted by: DeviousTrap
I'm wondering what my users will think if I automatically update all phpbb installations on the server

Well, it will blow out their hacks and other added templates and cause an error if they have the default style set to one of those added templates.

I just updated a client/friends phpbb for him and that's what I ran into.

Yup, just found that out after some research. I also found that its not really a danger to the server security in general so I'll send out a message to clients and let them deal with it themselves.

What if you just installed the patches rather than upgrading the whole board?

 

[DeviousTrap]

Originally posted by: SagaLore

Originally posted by: DeviousTrap

Originally posted by: Crazyfool

Originally posted by: DeviousTrap
I'm wondering what my users will think if I automatically update all phpbb installations on the server

Well, it will blow out their hacks and other added templates and cause an error if they have the default style set to one of those added templates.

I just updated a client/friends phpbb for him and that's what I ran into.

Yup, just found that out after some research. I also found that its not really a danger to the server security in general so I'll send out a message to clients and let them deal with it themselves.

What if you just installed the patches rather than upgrading the whole board?

I have about 20 installations of phpbb per server and I won't manually patch them, the only other option is to have cPanel upgrade them automatically and I have no clue how that would turn out.

 

[randal]

Originally posted by: DP
i guess this is what happened to my css clan site? here

Nope, that's a separate worm having to do with Apache permissions. Couple clients got hit by that last night - replaces all yer php & html files with the defacement notice without leaving a backup :-(

It's not a system-affecting thing from what I've seen so far, though. And it doesn't mess with any dbs/otherdata/etc.

edit - Whoops, it is related - just a different generation of the same worm/author.

 

[hevnsnt]

By now most of you have probably seen the reports on the santy.a worm that used a vulnerability in PHP (or PHPBB, some argument there).
This was a particularly destructive worm to those sites that were affected.

This particular worm made use of Google search to identify potential targets. The number of queries generated by this worm was small enough to be down in the noise relative to the normal activity. We were finally notified early Tuesday and by late afternoon we had begun blocking the worm's search queries. The worm should have started dying off almost immediately.

Stephen
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Name Removed - Information Security Officer - Removed@google.com
Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Phone: +Removed Fax: +Removed

The church is near, but the road is icy.
The bar is far away, but I will walk carefully. -- Russian Proverb


-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+