vb.org Archive
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   phpBB virus... look at this.. (https://vborg.vbsupport.ru/showthread.php?t=73196)

tubedogg 12-22-2004 04:02 PM
Quote:
Originally Posted by kall
Are those URLs deliberately not working?

I'm getting dots in the middle that are causing odd URLS in firefox.
Somebody copied the URLs directly off another forum, it looks like, and therefore the dots in the middle were copied into the linked URL as well.

ericgtr 12-22-2004 04:23 PM
Isn't this a php exploit for versions 4.3.9 and 5.0.2 or is it something different? http://www.hardened-php.net/advisories/012004.txt

Andrew 12-22-2004 04:54 PM
Quote:
Originally Posted by ericgtr
Isn't this a php exploit for versions 4.3.9 and 5.0.2 or is it something different? http://www.hardened-php.net/advisories/012004.txt
No - This was caused by a security loophole found specifically in the phpBB software. The error you're reffering to was a broader PHP error that affected almost all the PHP based bulletin boards.

ericgtr 12-22-2004 07:36 PM
Ouch.. this is what it does once it gets on your server, from news.com

"After it has taken over a site, the worm deletes all HTML, PHP, active server pages (ASP), Java server pages (JSP), and secure HTML pages, and replaces them with the text, "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X," according to Kaspersky. For "X," the worm inserts a number representing how far the current instance of the program is descended from the original worm release. MSN searches have found 24th generations of the worm."

Makes me wonder if it is able to get past the webroot, wiping out all backups as well.

Andrew 12-22-2004 07:53 PM
I don't think it managed to get past the webroot - Alot of the sites I've seen have been repaired either from main server backups or personal backups of their files.

moethelawn 12-22-2004 08:26 PM
Yeah, I got an email yesterday from the company I bought my server from and they talked about that worm. Good thing I don't use phpBB :)

trackpads 12-22-2004 09:12 PM
phpbb is the best free forum software that is. The fact that this virus spread so fast is a testament to the massive use of it on the internet. In that news.com post it said that their are voer 6,000,000 phpbb's out there. It has its flaws of course and the fact that its code is freely available makes it a good candidate for something like this.

Of course once you move up in needs you have to go to VB :)

trackpads 12-22-2004 09:13 PM
Quote:
Originally Posted by True.Rooster
I don't think it managed to get past the webroot - Alot of the sites I've seen have been repaired either from main server backups or personal backups of their files.
SQL injection I think.

kall 12-22-2004 10:45 PM
Quote:
Originally Posted by tubedogg
Somebody copied the URLs directly off another forum, it looks like, and therefore the dots in the middle were copied into the linked URL as well.
Ahh. Good lateral thinking there. :)

Erwin 12-23-2004 12:39 AM
It's quite amazing really.

The search on Google for "NeverEverNoSanity WebWorm generation" shows this at the moment:

Results 1 - 10 of about 1,480 for NeverEverNoSanity WebWorm generation. (0.10 seconds)


All times are GMT. The time now is 01:45 AM.
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01012 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete