Resources

Getting started

Support

Development

Topics

User Functions

Events

There are no upcoming events

What's New

Stories

1 new Stories in the last 2 weeks

Comments last 2 weeks


Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Saturday, May 25 2013 @ 08:08 PM EDT

> >

Offtopic: phpBB worm in the wild

Security
  • Wednesday, December 22 2004 @ 04:00 AM EST
  • Contributed by:
  • Views:
    27,943

This isn't exactly Geeklog-related, but since quite a few sites seem to be running phpBB (with or without the phpBBBridge), I'd like to point out that there's a worm going around at the moment that exploits a bug in phpBB versions 2.0.10 and earlier.

This seems to be the first time (at least that I'm aware of) that an automatic exploit for a web application is in the wild. The worm uses Google to search for phpBB boards, infects them, and then continues to spread from there. Infected sites show a red text "NeverEverNoSanity WebWorm Generation" (followed by a number) on a black background. More information about the worm can be found in the usual places, e.g. Bugtraq.

So to all phpBB users out there: Upgrade to phpBB 2.0.11 ASAP.

Update: According to F-Secure, Google is now blocking the requests of the worm (dubbed "Santy"), which should stop it for now (until a new worm comes, that uses another search engine ...). It's still strongly recommended to update phpBB, of course.

What's Related

Story Options

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Offtopic: phpBB worm in the wild
  • Authored by:RickW on Wednesday, December 22 2004 @ 08:45 AM EST
I posted information about this worm at http://www.antisource.com/article.php/20041221112101615 as well.

---
www.antisource.com

  • Offtopic: phpBB worm in the wild
  • Authored by:Agent X20 on Wednesday, December 22 2004 @ 04:08 PM EST
I got hit - but I'm running phpbb 2.0.11! What seems to have happened is that another site on the server running an old version of phpbb got hit and I had a few files not quite locked down permission wise and they got clobbered as well. Not good!
  • Offtopic: phpBB worm in the wild
  • Authored by:Turias on Wednesday, December 22 2004 @ 05:20 PM EST
Versions 0.75 and higher of the phpBBBridge all use phpBB 2.0.11, so if you are using one of those versions, you should be ok. If you are not, I would recommend upgrading immediately.

Post a Comment

Your Name
Create Account
Allowed HTML Tags:
<p>, <b>, <strong>, <i>, <a>, <em>, <br>, <tt>, <hr>, <li>, <ol>, <ul>, <code>, <pre>, [code], [raw], [page_break], [staticpage:]InformationInformation[staticpage: id alternate title] - Displays a link to a static page using the static page title as the title. An alternate title may be specified but is not required. , [event:]InformationInformation[event: id alternate title] - Displays a link to an Event Link from the Calendar using the Event Title as the title. An alternate title may be specified but is not required. , [poll:]InformationInformation[poll: id alternate title] - Displays a link to a poll using the Poll Topic as the title. An alternate title may be specified but is not required. , [link:]InformationInformation[link: id alternate title] - Displays a link to a Link from the Links Plugin using the Link Title as the title. An alternate title may be specified but is not required. , [faq:], [forum:]InformationInformation[forum: id alternate title] - Displays a link to a forum topic using the text 'here' as the title. An alternate title may be specified but is not required. , [file:], [story:]InformationInformation[story: id alternate title] - Displays a link to a Story using the Story Title as the title. An alternate title may be specified but is not required. , [user:]InformationInformation[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.
 

Security code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

What code is in the image?
Enter the bolded text, case sensitive!
Important Stuff
  • Please try to keep posts on topic.
  • Try to reply to other people comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Your email address will NOT be made public.