It seems like the script kiddies have learned about the latest problems in phpBB (and if you're running phpBB, make sure to upgrade to phpBB 2.0.17[*1] ASAP or at least apply the patch).
We're seeing a significant number of requests to the forums that end in something like
highlight='.system(getenv(HTTP_PHP)).'
This is an attempted exploit of the bug in phpBB and will, of course, not affect Geeklog's forum plugin. It will, however, affect those running the phpBBBridge (unless you're on phpBBBridge 1.02[*2], which already includes phpBB 2.0.17) since you're effectively running phpBB. And for the rest of us, it's a nuisance and increases server load.
So here's a simple extension to the previously posted set of rules[*3] to block the Santy and Spyski worms:
RewriteEngine On
...
RewriteCond %{QUERY_STRING} ^(.*)\.system\((.*) [OR]
...
RewriteRule .* - [L,F]
bye, Dirk
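
An added example, not part of the original post: a small Python log check to go with the rule above. It scans Apache access-log lines for the same .system( string in the query string, decoding percent-encoding first, and lists matching requests that were answered with something other than 403. The log lines, addresses and paths are constructed samples.

```python
import re
from urllib.parse import unquote

# Same literal the RewriteCond above looks for in the query string.
PROBE = re.compile(r"\.system\(")
# Start of an Apache common/combined log line: client, request line, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def is_probe(query):
    """True if .system( appears in the query, raw or percent-encoded."""
    for _ in range(3):  # raw, then after one and two rounds of decoding
        if PROBE.search(query):
            return True
        decoded = unquote(query)
        if decoded == query:
            return False
        query = decoded
    return False

def scan(lines):
    """Map client IP -> list of (status, request target) for probe requests."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        query = target.partition("?")[2]
        if is_probe(query):
            hits.setdefault(ip, []).append((status, target))
    return hits

def not_forbidden(hits):
    """Probe requests that were answered with something other than 403."""
    return [(ip, s, t) for ip, reqs in hits.items() for s, t in reqs if s != 403]

# Constructed sample lines: documentation addresses, made-up paths and times.
SAMPLE = """\
192.0.2.10 - - [01/Jul/2005:10:00:00 +0000] "GET /forum/viewtopic.php?t=5&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 403 210
192.0.2.10 - - [01/Jul/2005:10:00:02 +0000] "GET /forum/viewtopic.php?t=5&highlight=%27%2Esystem%28getenv(HTTP_PHP)%29%2E%27 HTTP/1.0" 200 5120
198.51.100.7 - - [01/Jul/2005:10:01:00 +0000] "GET /forum/viewtopic.php?t=5&highlight=geeklog HTTP/1.1" 200 5300
""".splitlines()

if __name__ == "__main__":
    found = scan(SAMPLE)
    for ip, reqs in found.items():
        print(ip, len(reqs), "probe request(s)")
    for ip, status, target in not_forbidden(found):
        print("not blocked:", ip, status, target)
```

Run it over the real access log after adding the rule; any line it reports as not blocked is a request the rule did not answer with 403 and is worth a closer look.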
Hi, I installed the phpbbbridge plugin about 3 weeks ago, I think it was an older version using phpBB 2.0.15. Is there a way to upgrade safely or will I have to do a full clean install?
I want to install the new phpbbbridge 1.06.
Thanks!
Jim