Hi guys,
Though I updated to phpBB 2.0.11 quite a while ago (when it first was released), I have just realized that seeing 800-900 guests in my forum at a time was because of this exploit.
Yesterday, my server admin applied a rewritecond for the entire server, and when you try to go to a URL as the exploit does, it gives a 406 error. I figured this would stop the number of guests, but it hasn't. This either means the rewritecond was unsuccessful for some reason (maybe it's not extensive enough?), or that something is up with the forum.
I've read a lot of the pages here (but not all) and it seems that even if the rewrite works, you still see the guests for some reason? Not sure why (so if someone can explain, I'd be appreciative), but I tried to add some code to common.php anyways.
I first tried Dark Matter's route (posted originally on page 3), but I get tons of blazing phpbb_sessions errors (something is outputting info to the header, it seems). I did put the code in the exact right place, and I know PHP quite well... I just didn't want to troubleshoot for a while because I don't know how all the files interact in phpBB super well.
Then I tried adding Hynee's code (posted on page 9)
Code:
//Worm prevention
$user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$query_string = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '';
//echo $query_string;
//Perl LWP user agents (LWP::Simple / LWP-trivial)
$UA_Match = preg_match('#LWP(\:\:Simple|\-trivial)\/\d\.\d+#i',$user_agent);
$QueryMatch = (
    (preg_match_all('#chr\%28\d+\%29#U',$query_string,$matches)>10) || //URL-encoded chr(xxx) where xxx is digits
    (strpos($query_string,'%24HTTP_GET_VARS') !== false) || //$HTTP_GET_VARS; !== false so a match at position 0 also counts
    (preg_match_all('#chr\(\d+\)#U',$query_string,$matches)>10) //unencoded chr(xxx)
);
if ($UA_Match || $QueryMatch) {
    die();
}
//END Worm protection
Added this, no errors... but I still have 7-900 guests per hour.
Does anyone have any ideas of further things to do? Or could perhaps explain why these guests are showing up even after the server supposedly is protecting against the queries? This is destroying my bandwidth... my site (http://www.anime-planet.com/forum/, for the forum) gets around 5,000 unique users a day and having 20,000 guests PER DAY show up is insane! Any help would be greatly appreciated ^_^
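
One way to check from the access log whether the 406 rewrite is catching the requests the filter above targets, and which clients make up the rest of the traffic. This is an added example, not part of the original post: it ports the filter's signatures to Python, assumes Apache "combined" log format, and runs on constructed log lines.

```python
import re
from collections import Counter

# Signatures ported from the PHP filter in the post above.
UA_RE = re.compile(r"LWP(::Simple|-trivial)/\d\.\d+", re.I)
CHR_ENC_RE = re.compile(r"chr%28\d+%29")   # URL-encoded chr(xxx)
CHR_RAW_RE = re.compile(r"chr\(\d+\)")     # unencoded chr(xxx)
# Apache "combined" log format (an assumption about the server's logging).
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def matches_signature(user_agent, query_string):
    """Same decision as the PHP filter, on the raw (still URL-encoded) query."""
    return bool(
        UA_RE.search(user_agent)
        or len(CHR_ENC_RE.findall(query_string)) > 10
        or "%24HTTP_GET_VARS" in query_string
        or len(CHR_RAW_RE.findall(query_string)) > 10
    )

def triage(lines):
    """Tally signature hits by outcome and count user agents of everything else."""
    tally, other_uas = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            tally["unparsed"] += 1
            continue
        query = m["url"].partition("?")[2]
        if matches_signature(m["ua"], query):
            # 406 is what the server-wide rewrite rule returns, per the post.
            tally["blocked" if m["status"] == "406" else "missed"] += 1
        else:
            tally["unmatched"] += 1
            other_uas[m["ua"]] += 1
    return tally, other_uas

# Constructed sample data: harmless stand-in query with 11 encoded chr() calls.
PAYLOAD = "x=" + ".".join(["chr%2865%29"] * 11)
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /forum/viewtopic.php?t=1&{PAYLOAD} HTTP/1.0" 406 312 "-" "LWP::Simple/5.803"',
    f'192.0.2.11 - - [01/Jan/2005:10:00:01 +0000] "GET /forum/viewtopic.php?t=1&{PAYLOAD} HTTP/1.0" 200 18211 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [01/Jan/2005:10:00:02 +0000] "GET /forum/index.php HTTP/1.1" 200 20455 "-" "ExampleBot/1.0"',
    '192.0.2.12 - - [01/Jan/2005:10:00:03 +0000] "GET /forum/viewtopic.php?t=7 HTTP/1.1" 200 9911 "-" "ExampleBot/1.0"',
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero "missed" count means requests matching the signature are still reaching PHP despite the rewrite; a large "unmatched" count means the traffic comes from clients the signature does not describe.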