Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / PHP Website hacked

Author
Message
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 22nd Dec 2004 00:10
Link
A client of mine has had their website hacked, along with a host of others on the same server. Only PHP files have been hacked, the message is:

NeverEverNoSanity WebWorm generation 16.
This site is defaced!!!


Anybody have any info? Apparently one of the other sites cleaned everything up, only to find it defaced again minutes later. They don't know if it's a second attack, or a script already on the server.

BatVink
Back to top
Profile PM Email
bitJericho
22
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 22nd Dec 2004 00:18
Link
Quote: "NeverEverNoSanity WebWorm generation 16"


the word, webworm, is probably a good indication of a worm going around


Yarr join LoGD and defeat your fellow coders!
Back to top
Profile PM Email Website
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 22nd Dec 2004 04:31
Link
found what I was looking for. A vulnerability in phpBB (specifically, the use of unserialize and realpath).

I don't use phpBB, but the hack can access all sites on the same server. In fact, I would have probably been untouched if I had used phpBB, as it won't screw it's own access point.

BatVink
Back to top
Profile PM Email
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Dec 2004 07:11 Edited at: 22nd Dec 2004 07:15
Link
The vulnerability is actually in PHP itself - 4.3.10 was released the other day to fix this, which we're upgrading to on this server tomorrow (the file server was moved to it today). Even though we don't serialise data, better safe than sorry.

This is good reading (translate it) about the worm causing the problem:

http://www.heise.de/newsticker/meldung/54504

Super Joe crack combat soldier fights a long battle against overwhelming odds.
Back to top
Profile PM Email Website
Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 22nd Dec 2004 07:20 Edited at: 22nd Dec 2004 07:20
Link
But there's also a serious vulnerability with phpBB--- I've received an email today from my host requiring us to upgrade.

http://www.phpbb.com/phpBB/viewtopic.php?t=248811&highlight=worm


--[GameBasic - Coming Soon]-- ^^^ banner generously designed by TheBigBabou
Back to top
Profile PM Website
Philip
21
Years of Service
User Offline
Joined: 15th Jun 2003
Location: United Kingdom
Posted: 22nd Dec 2004 07:22
Link
It'd be nice if all the world's major software companies could club together and fund an organisation that tracks down and kills, er, I mean, chastises, people who write viruses, worms, trojans and other nasties.

Philip

What do you mean, bears aren't supposed to wear hats and a tie? P3.2ghz / 1 gig / GeForce FX 5900 128meg / WinXP home
Back to top
Profile PM Email
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Dec 2004 08:01
Link
Ouch, have just been reading all about this - yeah, it's a phpBB bug as well as a PHP bug! Thankfully we don't have phpBB installed on any of our servers, so it will not effect us.

Super Joe crack combat soldier fights a long battle against overwhelming odds.
Back to top
Profile PM Email Website
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 22nd Dec 2004 23:33
Link
http://news.bbc.co.uk/1/hi/technology/4117711.stm

Beware the cat... The alien... The heretic...
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-11-26 16:31:02
Your offset time is: 2024-11-26 16:31:02