Virus that attacks PHP forums

[Yodasplat]

I don't know if you guys are aware of this, or if somebody already posted this here. If so, apologies.

If not, heads up. This virus attacks and defaces PHP forums ... and the IPB forum (like GR.net) is PHP based ...

http://www.msnbc.msn.com/id/6742668/

I'm glad I got rid of PHP for my board ... I'll say.

[Rocky]

That is the worm that attacked and defaced the 3dretreat network, I recognise the name.

[Dick Splash]

.....and Call of Duty HQ's site

DS

[Rocky]

I am still reading on this, but I think this is only a concern for PHPbb boards. Funnily enough I recall chatting to our webhost 3 weeks ago, and he was flat out working on patching all his servers because of a new vurnerability with PHPbb boards. I searched the web and found nothing, and he told me that news had not leaked out mainstream, but that sysadmins were working flat out patching their servers.

[Rocky]

Sorry for the multiple posts, yeh this is only a PHPbb problem, IPB forums like this are (should be) fine.

[Rocky]

Quite alot of detail here,

http://searchsecurity.techtarget.com/origi...1036174,00.html

Interesting worm! It googles!

[Whisper_44]

Sorry for the multiple posts.

←

edit button???

[Rocky]

Sorry for the multiple posts.

←

edit button???

←

Hey what can I say... "my forums....."

[Whisper_44]

I knew that was coming..proceed to spam then sir...

[Rocky]

I knew that was coming..proceed to spam then sir...

←

How did you know, that's the first time I have ever said that in over 7000 odd posts? Ah you knew beacuse you set me up big guy!!

[Rocky]

I mean it's not like I need the post count.

[Rocky]

Yeh?

[Rocky]

Wow even GR.com was hit!

http://www.ghostrecon.net/forums/index.php?showtopic=23093

[Whisper_44]

Yeh?

←

Since I'm talking to the site owner does this qualify as non-spam? I need the posts actually

[Rocky]

Yeh?

←

Since I'm talking to the site owner does this qualify as non-spam? I need the posts actually

←

You're a Supporter, can you get away with anything around here

Anyway, we best get this back on topic before a moderator spots us having a little fun.

[Whisper_44]

rgr that sir...

Whisper_44 spam artist, signing out........

[NYR_32]

OMG'z!!!! Spammers!!!!!!!

[3.10] Spam Do not use our Forums to advertise your business or seek personal gain. People come here to read about Ghost Recon and related topics. The definition of "spam" is down to the forum moderator in the first instance. If you are unsure about making a post, ask via private message or e-mail.

[GR_Modder]

You're a Supporter, can you get away with anything around here 

Oh, so that's what the payment was for!

[OSO]

My site was simple htm and html with javascript menus. Apparently it does more than the php.

[Rocky]

My site was simple htm and html with javascript menus. Apparently it does more than the php.

←

It got in through the 3dretreat forums, and attacked the server from there, including your pages there. I believe that's how it works.

[CR6]

It got in through the 3dretreat forums, and attacked the server from there, including your pages there. I believe that's how it works.

←

3d Retreat uses Snitz forums, not PHPbb. The problem was that another website hosted on the same server used PHPbb and was not secured.

Fortunately we do regular backups and the majority of the site and our forums was pretty much back to normal within 3 hours of the attack.

[Matt03]

Got to love people that do this stuff.

[NYR_32]

I've read that the worm attacks any vunerable phpbb board, then screws with any files on the entire server that are html, php and a few others.

[Dannik]

One more addition to the long list of why people should not use PhpBB. Ever.

[Rocky]

Do you want the bad news or the bad news? I just noticed there's a website on the same server as this that uses the PHPbb forums.