Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

phpbb vulnerability

Discussion in 'General Discussions and Lounge' started by ovi, Dec 22, 2004.

  1. ovi

    ovi Guest

    A worm using Google to identify websites that use a vulnerable type of bulletin board software has spread quickly, infecting up to 40,000 sites.
    The worm, dubbed Santy, exploits a vulnerability in third-party web servers that use phpBB bulletin board software, a popular package used to create web forums, and has been propagating at a rapid pace, infecting some 38,000 sites in a matter of hours.
    This latest worm is quite unique, according to Kaspersky Lab. Santy creates a Google search request, which provides it with a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, Santy wriggles into the site and gains control.
    Infected bulletin boards will feature a text message saying "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation". Security experts have said that the worm will not attack home users but they may see its affects if they access the contaminated bulletin boards.
    Google has proven to be a good hunting ground for worm authors who have used it to harvest e-mail addresses. Earlier in 2004 the MyDoom virus used Google in this way, pumping so many search queries into Google that the search engine was disabled for large periods of time.
    Google has responded to pressure from antivirus firms to stop the spread of the worm. The search giant has told Kapersky Lab that it has begun to filter requests made by Santy in a bid to halt the worm's spread.
    Kaspersky Lab has advised that all users of phpBB to upgrade to version 2.0.11 in order to prevent their sites from being defaced by the Santy worm.

    Full story can be read here: newsmakers.co.uk
  2. Darksat

    Darksat Guest

    The most effective way of stopping worms like that is to remove the version number of your PHPBB forum from the footer.
    that way you avoid people/worms who are looking for version speific targets
  3. Paul_KY

    Paul_KY New Member Webmaster

    Speaking of, "Removing Worms"...

    This POS needs to be REMOVED. Either that, or BAN me.

    He'll be in JAIL soon, anyway...

Featured Resources (View All)

Share This Page