NeverEverNoSanity worm

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785

NeverEverNoSanity worm

Postby blackpudding » Tue Dec 21, 2004 11:42 am

Help!

My forum was hacked yesterday and all the PHP and index.htm files on my site replaced by the NeverEverNoSanity page. I deleted all the files and replaced with backups and checked here for a new version of the forum. This morning I spent a couple of hours upgrading from version 2.0.10 to 2.0.11 (a long job as my forum is heavily modified).

The next thing I know is the forum is disabled at the server and I received this email message from my host's abuse department:
"You have not upgraded phpBB and the result is our server has been breached. We have suspended access to your forum to prevent the hacker re-gaining access.

You must not re-enable this forum as it has serious security holes."

My question is, does version 2.0.11 fix the problem with NeverEverNoSanity worm? My host denies any responsibility for the security breach and I may end up losing the (expensive) hosting that I have for my forum (16500 members). I don't want to risk re-enabling the forum (if I even can?) if it means I lose my host, but I really want to get the site back online...

Not what I wanted for christmas :cry:
BP
blackpudding
Registered User
 
Posts: 9
Joined: Wed Sep 17, 2003 12:29 am
Location: UK

Re: NeverEverNoSanity worm

Postby filosganga » Tue Dec 21, 2004 12:58 pm

blackpudding wrote:Not what I wanted for christmas :cry:


I can easily imagine that. :(

The phpbb support team could kindly post a short answer?
filosganga
Registered User
 
Posts: 32
Joined: Sat Oct 16, 2004 12:45 pm

Postby battye » Tue Dec 21, 2004 1:11 pm

I assume it 2.0.11 would resolve that issue unless:

1) There is a new exploit phpBB is unaware of
2) It is the PHP version, in which there are a few security issues (which has nothing to do with phpBB)

What PHP version do you run?
User avatar
battye
MOD Team Member
MOD Team Member
 
Posts: 10617
Joined: Wed Feb 11, 2004 11:02 am
Location: Australia

Postby blackpudding » Tue Dec 21, 2004 4:55 pm

What PHP version do you run?

My PHP is Version 4.3.4 and my host is now claiming that it isn't possible to upgrade to a later version on their RAQ550 servers! From what I've seen in other posts here version 2.0.11 of the forum still isn't safe with older PHP versions so there is no way I can reopen. I'm looking for another host but it took 2 years to get a reliable one so this is a major headache :?

Cheers,
BP
blackpudding
Registered User
 
Posts: 9
Joined: Wed Sep 17, 2003 12:29 am
Location: UK

Re: NeverEverNoSanity worm

Postby erasethefear » Tue Dec 21, 2004 5:03 pm

filosganga wrote:
blackpudding wrote:Not what I wanted for christmas :cry:


My exact thoughts when this happened to me... I'm trying to restore mine right now.
erasethefear
Registered User
 
Posts: 77
Joined: Thu May 27, 2004 1:57 am
Location: Ontario, Canada

Postby scrxbandit » Tue Dec 21, 2004 5:14 pm

Ok, I know im an idiot, but my self or none of the other admins on my forum backed up the data base. Is there any way to retain the information on the forum, or is it all lost?
scrxbandit
Registered User
 
Posts: 5
Joined: Fri May 07, 2004 8:09 am

Postby theirish » Tue Dec 21, 2004 5:24 pm

Hi guys, let's share this pain... I keep recovering from this disaster at least 8 times a day... my provider says they'll try to do whatever they can since the problem must be the php exploit. Upgrading phpbb to 2.0.11 fixes other bugs, but does not protect you from this damn worm.

Anyway, let's cheer up, IT MUST BE A DAMN GOOD CHRISTMAS! at least.

* * *
www.ciscoforums.it
* * *
theirish
Registered User
 
Posts: 5
Joined: Tue Dec 21, 2004 5:21 pm

Postby wolfpack1215 » Tue Dec 21, 2004 5:28 pm

Same thing happened to me also. Lost all my pages too. Any suggestions? I take it I shouldn't bother reinstalling right now then....... :(
Hawkeye
User avatar
wolfpack1215
Registered User
 
Posts: 7
Joined: Fri Nov 28, 2003 11:38 am

Postby brakkums » Tue Dec 21, 2004 5:30 pm

This is the only info I can find. Anybody seen any more?

http://www.kaspersky.com/news?id=156681162
brakkums
Registered User
 
Posts: 4
Joined: Fri Oct 10, 2003 4:31 pm

Postby ednerd » Tue Dec 21, 2004 5:37 pm

There's more information at F-Secure's weblog:
http://www.f-secure.com/weblog/
ednerd
Registered User
 
Posts: 2
Joined: Tue Dec 21, 2004 5:35 pm

Postby wolfpack1215 » Tue Dec 21, 2004 5:50 pm

Thanks for the info. It explains alot. Don't these people have hobbies???

BTW, can anyone point me to a more detailed installation guide for a newbie. Someone installed it for me originally and now I'm stuck on the install screen, I keep getting error messages about MySQL. The flash tutorial don't help.
Hawkeye
User avatar
wolfpack1215
Registered User
 
Posts: 7
Joined: Fri Nov 28, 2003 11:38 am

Postby Steeldogs » Tue Dec 21, 2004 5:57 pm

blackpudding wrote:
What PHP version do you run?

My PHP is Version 4.3.4 and my host is now claiming that it isn't possible to upgrade to a later version on their RAQ550 servers! From what I've seen in other posts here version 2.0.11 of the forum still isn't safe with older PHP versions so there is no way I can reopen. I'm looking for another host but it took 2 years to get a reliable one so this is a major headache :?

Cheers,
BP


Check your inbox here
User avatar
Steeldogs
Registered User
 
Posts: 72
Joined: Sun Jul 18, 2004 3:45 pm
Location: Birmingham, Alabama

Postby SniperGuy » Tue Dec 21, 2004 6:11 pm

My provider is running 4.3.10 php. I'm hearing alot of reports of this worm, this worries me greatly. I've got 2.0.8 running, do I need to upgrade? And is there a way to do so without blowing my mods and stuff all to hell? :(
SniperGuy
Registered User
 
Posts: 19
Joined: Thu Mar 04, 2004 3:36 am

Postby filosganga » Tue Dec 21, 2004 6:18 pm

SniperGuy wrote:My provider is running 4.3.10 php. I'm hearing alot of reports of this worm, this worries me greatly. I've got 2.0.8 running, do I need to upgrade? And is there a way to do so without blowing my mods and stuff all to hell? :(


Immediately upgrade to phpbb 2.0.11
filosganga
Registered User
 
Posts: 32
Joined: Sat Oct 16, 2004 12:45 pm

Postby brakkums » Tue Dec 21, 2004 6:23 pm

Will my site be safe if I just make this change?
http://www.phpbb.com/phpBB/viewtopic.ph ... 4&t=240513
brakkums
Registered User
 
Posts: 4
Joined: Fri Oct 10, 2003 4:31 pm

Next

Return to 2.0.x Support Forum

Who is online

Users browsing this forum: No registered users and 1 guest