NeverEverNoSanity worm

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
blackpudding
Registered User
Posts: 9
Joined: Wed Sep 17, 2003 12:29 am
Location: UK

NeverEverNoSanity worm

Post by blackpudding »

Help!

My forum was hacked yesterday and all the PHP and index.htm files on my site replaced by the NeverEverNoSanity page. I deleted all the files and replaced with backups and checked here for a new version of the forum. This morning I spent a couple of hours upgrading from version 2.0.10 to 2.0.11 (a long job as my forum is heavily modified).

The next thing I know is the forum is disabled at the server and I received this email message from my host's abuse department:
"You have not upgraded phpBB and the result is our server has been breached. We have suspended access to your forum to prevent the hacker re-gaining access.

You must not re-enable this forum as it has serious security holes."

My question is, does version 2.0.11 fix the problem with NeverEverNoSanity worm? My host denies any responsibility for the security breach and I may end up losing the (expensive) hosting that I have for my forum (16500 members). I don't want to risk re-enabling the forum (if I even can?) if it means I lose my host, but I really want to get the site back online...

Not what I wanted for christmas :cry:
BP
filosganga
Registered User
Posts: 32
Joined: Sat Oct 16, 2004 12:45 pm

Re: NeverEverNoSanity worm

Post by filosganga »

blackpudding wrote: Not what I wanted for christmas :cry:


I can easily imagine that. :(

The phpbb support team could kindly post a short answer?
User avatar
battye
Extension Customisations
Extension Customisations
Posts: 11048
Joined: Wed Feb 11, 2004 11:02 am
Location: Australia
Contact:

Post by battye »

I assume it 2.0.11 would resolve that issue unless:

1) There is a new exploit phpBB is unaware of
2) It is the PHP version, in which there are a few security issues (which has nothing to do with phpBB)

What PHP version do you run?
Customisations Team Member

https://github.com/battye/php-array-parser - Give it a Star! :D
blackpudding
Registered User
Posts: 9
Joined: Wed Sep 17, 2003 12:29 am
Location: UK

Post by blackpudding »

What PHP version do you run?

My PHP is Version 4.3.4 and my host is now claiming that it isn't possible to upgrade to a later version on their RAQ550 servers! From what I've seen in other posts here version 2.0.11 of the forum still isn't safe with older PHP versions so there is no way I can reopen. I'm looking for another host but it took 2 years to get a reliable one so this is a major headache :?

Cheers,
BP
erasethefear
Registered User
Posts: 77
Joined: Thu May 27, 2004 1:57 am
Location: Ontario, Canada

Re: NeverEverNoSanity worm

Post by erasethefear »

filosganga wrote:
blackpudding wrote: Not what I wanted for christmas :cry:
My exact thoughts when this happened to me... I'm trying to restore mine right now.
scrxbandit
Registered User
Posts: 5
Joined: Fri May 07, 2004 8:09 am
Contact:

Post by scrxbandit »

Ok, I know im an idiot, but my self or none of the other admins on my forum backed up the data base. Is there any way to retain the information on the forum, or is it all lost?
theirish
Registered User
Posts: 5
Joined: Tue Dec 21, 2004 5:21 pm

Post by theirish »

Hi guys, let's share this pain... I keep recovering from this disaster at least 8 times a day... my provider says they'll try to do whatever they can since the problem must be the php exploit. Upgrading phpbb to 2.0.11 fixes other bugs, but does not protect you from this damn worm.

Anyway, let's cheer up, IT MUST BE A DAMN GOOD CHRISTMAS! at least.

* * *
www.ciscoforums.it
* * *
wolfpack1215
Registered User
Posts: 7
Joined: Fri Nov 28, 2003 11:38 am

Post by wolfpack1215 »

Same thing happened to me also. Lost all my pages too. Any suggestions? I take it I shouldn't bother reinstalling right now then....... :(
Hawkeye
brakkums
Registered User
Posts: 4
Joined: Fri Oct 10, 2003 4:31 pm

Post by brakkums »

This is the only info I can find. Anybody seen any more?

http://www.kaspersky.com/news?id=156681162
ednerd
Registered User
Posts: 2
Joined: Tue Dec 21, 2004 5:35 pm

Post by ednerd »

There's more information at F-Secure's weblog:
http://www.f-secure.com/weblog/
wolfpack1215
Registered User
Posts: 7
Joined: Fri Nov 28, 2003 11:38 am

Post by wolfpack1215 »

Thanks for the info. It explains alot. Don't these people have hobbies???

BTW, can anyone point me to a more detailed installation guide for a newbie. Someone installed it for me originally and now I'm stuck on the install screen, I keep getting error messages about MySQL. The flash tutorial don't help.
Hawkeye
Steeldogs
Registered User
Posts: 72
Joined: Sun Jul 18, 2004 3:45 pm
Location: Birmingham, Alabama
Contact:

Post by Steeldogs »

blackpudding wrote:
What PHP version do you run?

My PHP is Version 4.3.4 and my host is now claiming that it isn't possible to upgrade to a later version on their RAQ550 servers! From what I've seen in other posts here version 2.0.11 of the forum still isn't safe with older PHP versions so there is no way I can reopen. I'm looking for another host but it took 2 years to get a reliable one so this is a major headache :?

Cheers,
BP


Check your inbox here
SniperGuy
Registered User
Posts: 19
Joined: Thu Mar 04, 2004 3:36 am

Post by SniperGuy »

My provider is running 4.3.10 php. I'm hearing alot of reports of this worm, this worries me greatly. I've got 2.0.8 running, do I need to upgrade? And is there a way to do so without blowing my mods and stuff all to hell? :(
filosganga
Registered User
Posts: 32
Joined: Sat Oct 16, 2004 12:45 pm

Post by filosganga »

SniperGuy wrote: My provider is running 4.3.10 php. I'm hearing alot of reports of this worm, this worries me greatly. I've got 2.0.8 running, do I need to upgrade? And is there a way to do so without blowing my mods and stuff all to hell? :(


Immediately upgrade to phpbb 2.0.11
brakkums
Registered User
Posts: 4
Joined: Fri Oct 10, 2003 4:31 pm

Post by brakkums »

Will my site be safe if I just make this change?
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
Locked

Return to “2.0.x Support Forum”