Online since 2002. Over 3300 puzzles, 2600 worldwide members, and 270,000 messages.

TwistyPuzzles.com Forum

It is currently Thu Jul 24, 2014 10:31 am

All times are UTC - 5 hours



Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: phpBB defacements - upgrade needed?
PostPosted: Wed Dec 22, 2004 7:13 am 
Offline
User avatar

Joined: Wed Mar 15, 2000 9:11 pm
Location: Delft, the Netherlands
Sandy,

According to this news story,
http://www.theregister.co.uk/2004/12/21/santy_worm/
there is a bot about that defaces phpBB scripted boards, so you may have to upgrade to version 2.0.11 if you can.

Regardless of whether that is possible, I do hope you keep regular backups.

_________________
Jaap

Jaap's Puzzle Page:
http://www.jaapsch.net/puzzles/


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 22, 2004 1:01 pm 
Offline
User avatar

Joined: Thu Jan 24, 2002 1:10 am
Location: Toronto, Canada
I just found out about this about a half hour ago. For the time being, I have performed the temporary fix which avoids this problem. I couldn't perform the 2.0.11 update since I have customized a bunch of PHPBB 2.0.6 scripts myself, and only have a record of what I changed on my work computer. I'm on vacation right now, but will be popping into work in a few days. Maybe I'll do it then.

FYI, as my host struggles with issues as a result of this worm, the site may be offline from time to time... as it was about a half hour ago, which is what caused me to look into what was going on...!

It's pretty nasty to release out a brand new exploit worm like this just before Christmas when everyone is on vacation!

Thanks for the info, Jaap.

Sandy


Top
 Profile  
 
 Post subject:
PostPosted: Tue Dec 28, 2004 10:09 am 
Offline
User avatar

Joined: Mon Jun 12, 2000 4:37 am
Location: Cincinnati, Ohio, U.S.A.
Sandy,

I know nothing about this subject but I just came accross the following. Perhaps it has some info for you

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/


Top
 Profile  
 
 Post subject:
PostPosted: Fri Dec 31, 2004 11:21 am 
Offline
User avatar

Joined: Thu Jan 24, 2002 1:10 am
Location: Toronto, Canada
Oscar wrote:
Sandy,

I know nothing about this subject but I just came accross the following. Perhaps it has some info for you

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/


Only the forum on this site is in PHP, and is being written by far better programmers than me, so I presume they are on top of this stuff... in spite of the recently discovered flaw! The rest of the site is written by me, but is in Perl.

However, I am in the process of writing a huge site for a friend entirely in PHP (my first PHP project), so I'll definitely give this document a careful read through. Thanks for the tip.

Sandy


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Forum powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group