Search found 11 matches

by blujay
Wed Jan 05, 2005 12:43 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

You'll be blocking server computers from your server, not end-user computers.

Yes, that's the whole point of a worm: it automatically spreads using the computers it has infected.

Read the URLs posted in this thread to learn how the worm works.
by blujay
Wed Dec 29, 2004 4:23 pm
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

If I understand the latest two "Santy" variants, they do not exploit a native PHP vulnerability, but vulnerabilities in PHP scripts created by script authors; namely, unchecked variables passed in URLs, that are used to access files. The worm replaces that variable with a URL to another file, and th...
by blujay
Sat Dec 25, 2004 9:59 pm
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

People are claiming on Bugtraq that a new variant of the worm is successfully exploiting phpBB 2.0.11.

http://marc.theaimsgroup.com/?l=bugtraq ... 310128&w=2
by blujay
Wed Dec 22, 2004 9:05 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

Very well put, pip. However, personally, I am...oh...90% convinced that Santy (why is it called that instead of "Sanity"?) exploits the phpBB highlight vulnerability, and not any of the PHP-native vulnerabilities. I looked at the worm's Perl code from a message posted on Bugtraq, and you can see for...
by blujay
Wed Dec 22, 2004 6:30 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

Okay, creating a new user took care of the password thing, so thank you! :D I have just one more problem. :( I'm getting an error message that says: Warning: mysql_error(): supplied argument is not a valid MySQL-Link resource in db/mysql4.php on line 330 Warning: mysql_errno(): supplied argument is...
by blujay
Wed Dec 22, 2004 5:02 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

Glad to help. Let me know how it turns out.
by blujay
Wed Dec 22, 2004 4:48 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

another question that I has backup my database in to database.sql ....so this file is infected too???

As far as I know, the worm did not touch .sql files. That should be fine.

My question is: is there any way I can access the database password so that I can check the one in config.php?

My other que...
by blujay
Wed Dec 22, 2004 4:06 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

the whole network here.. even back up files

That probably deserves a separate topic, but this underscores the need for three things:

1. Unmount or disable access to backups after the backup process is complete.
2. Off-server/off-site backups.
3. Better restrictions on PHP's permissions.

How many se...
by blujay
Wed Dec 22, 2004 4:03 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

I'm not really sure how many times this needs to be repeated ... Update to 2.0.11 now. It is not vulnerable to this worm. Update to 4.3.10 now. It is not vulnerable to this worm. Prior to 2.0.11, phpBB had a serious vulnerability released. Prior to 4.3.10/5.0.3, PHP had a serious vulnerability rele...
by blujay
Wed Dec 22, 2004 3:42 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

The only thing I know is that my webhost upgraded to PHP 4.3.10 before this started and I have yet to be hit by this worm. I also upgraded to 2.0.11 immediately after it was released. So, my unscientific answer is no to being vulnerable. 2.0.11 was released before the worm hit. So, no offense, but ...
by blujay
Wed Dec 22, 2004 3:33 am
Forum: 2.0.x Support Forum
Topic: NeverEverNoSanity worm
Replies: 96
Views: 35697

The Bottom Line

Is a server running phpBB < 2.0.11 and PHP >= 4.3.10 vulnerable? A site of mine got hit yesterday. We do not run phpBB, we run vBulletin. (Nothing against phpBB, it wasn't my decision, anyway.) We are on a shared server. Many, but not all, of our files were overwritten. Some directories were left un...
