about ddr | forums | buy ddr | radio | song lists | FAQs | machine locations

 Forums FAQForums FAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

phpBB worm doing the rounds
 
This topic is locked you cannot edit posts or make replies    DDR Freak Forum Index -> Site Feedback
View previous topic :: View next topic  
Author Message
Char
Trick Member
Trick Member


Joined: 30 Apr 2004
0. PostPosted: Tue Dec 21, 2004 10:22 am    Post subject: phpBB worm doing the rounds Reply with quote
Just heard of a worm which is apparently doing the rounds and infecting phpBB boards. Anything below 2.0.11 is apparently susceptible.

More information here:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=68388

As the link says, you can see what it's been doing here:
http://beta.search.msn.com/results.aspx?q=%22this+site+is+defaced%21%21%21%22&FORM=QBRE

Just a heads up, I think.
Back to top
View users profile Send private message
RevenG-D
Trick Member
Trick Member


Joined: 07 Nov 2004
1. PostPosted: Tue Dec 21, 2004 10:36 am    Post subject: Reply with quote
I was wondering what was wrong with phrecwenci's site...
_________________
http://www.revengd.net/index.php
Back to top
View users profile Send private message AOL Instant Messenger
Cutriss
Staff Member
Staff Member


Joined: 24 Jan 2002
2. PostPosted: Tue Dec 21, 2004 11:47 am    Post subject: Reply with quote
We've had this fix in place for some time. This is an exploit that was made visible a month ago, but is now being taken advantage of by a worm writer. The reason it's so visible is because the worm doesn't necessarily need the phpBB vulnerability to exist. If you're running on a shared server and one user on the server has an old phpBB install that's vulnerable, he/she can get infected and then pass it along to you. We don't use a shared server, so we're not vulnerable to that attack vector either.

At any rate, thanks for the heads up.
_________________

Sentient Mode is capable...
Back to top
View users profile Send private message Visit posters website AOL Instant Messenger Xbox Live Gamertag
Char
Trick Member
Trick Member


Joined: 30 Apr 2004
3. PostPosted: Tue Dec 21, 2004 6:57 pm    Post subject: Reply with quote
Wicked, didn't realise it was so old. sherl0k seemed to imply that DDRFreak's version is inaccurate, which would likely mean you are sorted, but i'd hate to see this place get boned.
Back to top
View users profile Send private message
Cutriss
Staff Member
Staff Member


Joined: 24 Jan 2002
4. PostPosted: Tue Dec 21, 2004 9:00 pm    Post subject: Reply with quote
Yeah, we have a lot of custom hacks and modifications that we've implemented - having to re-implant them every time there's a minor modification to phpBB would be a royal headache. We just patch in the relevant changes as needed.
_________________

Sentient Mode is capable...
Back to top
View users profile Send private message Visit posters website AOL Instant Messenger Xbox Live Gamertag
Phrekwenci
Administrator
Administrator


Joined: 27 Feb 2002
Location: New York, NY
5. PostPosted: Wed Dec 22, 2004 12:07 am    Post subject: Reply with quote
RevenG-D wrote:
I was wondering what was wrong with phrecwenci's site...


Uh what? Well, would you look at that. Seems I don't have a forum any longer. I guess rampage took care of it already.
_________________
Best thread on DDR Freak winnar | Second best thread | Posting and You...
Back to top
View users profile Send private message Send email Visit posters website AOL Instant Messenger Xbox Live Gamertag
Display posts from previous:   
This topic is locked you cannot edit posts or make replies    DDR Freak Forum Index -> Site Feedback All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB 2 © 2001, 2002 phpBB Group