+ Reply to Thread
Results 1 to 8 of 8

Thread: Webmasters need to be cautious!

  1. #1

    Webmasters need to be cautious!

    A NEW internet worm has launched a Google-powered assault on web bulletin boards that use the popular phpBB forum software.

    Dubbed "Perl.Santy.A", or "Santy", the worm attacks web servers rather than desktop PCs, a warning posted online by Finnish internet security company F-Secure said.
    The worm uses Google to search randomly for new hosts, F-Secure said.

    There have been serious vulnerabilities found in the phpBB software in the past and this incident underlines the importance of all people keeping up to date with the latest security patches and fixes," anti-virus firm Sophos senior technology consultant Graham Cluley said

    For more details read http://australianit.news.com.au/arti...nbv%5e,00.html
    Cheers,
    Priyanka
    Windows web hosting with ASP,.Net,PHP,MySQL support!
    We help you in making your dreams come true on internet!

  2. #2
    Active Member WorldBuilder is on a distinguished road
    Join Date
    Jan 2004
    Location
    Boston, MA
    Posts
    366
    phpBB is insecure?!

    Chris

  3. #3
    Full Member tylercruz is on a distinguished road
    Join Date
    Dec 2004
    Posts
    44
    Heh.. I'd be serious about these things though.. I use IkonBoard on some of my sites, and a hacker got into that account, and tried breaking root on my dedicated server. I cleaned him out, and patched up IkonBoard.. no problems since then..
    Tyler Cruz
    Merendi Networks
    Merendi.com Movie-Vault.com PokerForums.org

  4. #4
    Active Member bluzman32 is on a distinguished road
    Join Date
    Dec 2004
    Posts
    124
    Oh wow, thanks for giving that link priyanka-m6. My site was hit by this exact worm on the 22nd. I took a screenshot of what every single page, html and php, turned into. See it here.

    So several hundred of my pages looked like that. However I had a backup of the pages, so that was alright, however I don't think I have a backup of my phpbb forum so I've lost all of that. The lesson I have learned is to keep backups of everything..

  5. #5
    Full Member tylercruz is on a distinguished road
    Join Date
    Dec 2004
    Posts
    44
    Backups are ESSENTIAL if you depend on your sites for a living like myself. I back up everything on all my sites (MySQL, forums, etc.) once a month and burn on CD. I have a huge wack of CD's, and am probably going to give a few to relatives in case my house ever catches on fire or something, so I have more than 1 source of backups..
    Tyler Cruz
    Merendi Networks
    Merendi.com Movie-Vault.com PokerForums.org

  6. #6
    WebmasterLingo greggcz is on a distinguished road greggcz's Avatar
    Join Date
    Jan 2004
    Location
    Clifton, NJ
    Posts
    114
    Here's a quick fix for that kind of phpbb worms (i've seen 5 different versions so far):

    Open viewtopic.php in any text editor. Find the following section of code:

    PHP Code:
       // 
       // Was a highlight request part of the URI? 
       // 
       
    $highlight_match $highlight ''
       if (isset(
    $HTTP_GET_VARS['highlight'])) 
       { 
          
    // Split words and phrases 
          
    $words explode(' 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); 
        
          for(
    $i 0$i sizeof($words); $i++) 
          { 

    replace with:

    PHP Code:
       // 
       // Was a highlight request part of the URI? 
       // 
       
    $highlight_match $highlight ''
       if (isset(
    $HTTP_GET_VARS['highlight'])) 
       { 
          
    // Split words and phrases 
          
    $words explode(' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); 
        
          for(
    $i 0$i sizeof($words); $i++) 
          { 
    WebmasterLingo - It's all about your website..

  7. #7
    Active Member bluzman32 is on a distinguished road
    Join Date
    Dec 2004
    Posts
    124
    I think this worm is a bit different than others. This one rewrote every php file and just filled it with

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>This site is defaced!!!</TITLE>
    </HEAD><BODY bgcolor="#000000" text="#FF0000">
    <H1>This site is defaced!!!</H1>
    <HR>
    <ADDRESS><b>NeverEverNoSanity WebWorm generation 9.</b></ADDRESS>
    </BODY></HTML>
    That is what all of the files were replaced as. Here's a live page of what the virus did.

    Thanks for the try though.

  8. #8
    WebmasterLingo greggcz is on a distinguished road greggcz's Avatar
    Join Date
    Jan 2004
    Location
    Clifton, NJ
    Posts
    114
    Other variations I've seen simple spread by installing itself among few irc related programs, as well as spamming programs. They did not replace any html files, but caused very high load on the server.
    WebmasterLingo - It's all about your website..

+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts