| Topic Archived |
View previous topic :: View next topic |
| Author |
Message |
jstillion
Silver Supporter
 Offline
Joined: Jul 07, 2004
Posts: 29
Location: Untied States, Ohio
|
 Posted: Tue Dec 21, 2004 6:48 pm
Post subject: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
I just says this on the tech sites....
www.kaspersky.com/news?id=156681162
Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine.
I was wondering if CPG Nuke 8.2B is affected / abled to be scanned?
I do have the Critical phpBB Exploit Affects 8.x patched from the post on this main site.
jstillion please enter your server specs in your user profile! 
|
|
| Back to top |
|
 |
djdevon3
Gold Supporter
Offline
Joined: Aug 05, 2004
Posts: 4363
|
Posted: Wed Dec 22, 2004 1:34 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
www.f-secure.com/v-des...ty_a.shtml
Is the 8.2b viewtopic patch that was released 2 weeks ago already cover this or should we expect something new from the security team?
djdevon3's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.4/4.3.11
|
|
| Back to top |
|
|
Trevor
Developer
Offline
Joined: Apr 19, 2004
Posts: 2170
Location: New York
|
Posted: Wed Dec 22, 2004 1:35 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
The viewtopic patch should cover this.
Trevor's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux / 1.3.34 / 4.1.18 / 4.4.2 / CVS
|
|
| Back to top |
|
|
djdevon3
Gold Supporter
Offline
Joined: Aug 05, 2004
Posts: 4363
|
Posted: Wed Dec 22, 2004 8:03 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
sounds like someone came up with it after they found the security hole and coded the worm for it? and i thought i had no life. whoever does something like that has deep issues. they should coin the phrase internet terrorism. that's all these viruses and worms do. it just incites hatred for those that make them. that's not gaining popularity for your skills. that's being a big lamer.
djdevon3's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.4/4.3.11
|
|
| Back to top |
|
|
Phoenix
• Many Posts •
Offline
Joined: Apr 19, 2004
Posts: 8799
Location: Netizen
|
|
| Back to top |
|
|
djdevon3
Gold Supporter
Offline
Joined: Aug 05, 2004
Posts: 4363
|
Posted: Mon Dec 27, 2004 6:05 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
Think about it. Worms like this destroy entire communities. Just because it doesn't kill someone doesn't mean it's not terrorism. {expletive removed} like this should be handled by the FBI or interpol.
djdevon3's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.4/4.3.11
|
|
| Back to top |
|
|
shimon
Nice poster
Offline
Joined: Jul 25, 2004
Posts: 146
|
Posted: Mon Dec 27, 2004 12:11 pm
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
this is why cpgnuke need a better backing up system but luckly for me vhcs my control panel on my server has advance site back uping features
_________________
/media/internet
shimon's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
GNU/Debian / Apache 2.latest / MySQL 4.latest / PHP 4.latest / CPGNuke CVS
|
|
| Back to top |
|
|
blackmetalcouk
Newbie
Offline
Joined: Oct 22, 2004
Posts: 36
|
Posted: Mon Dec 27, 2004 9:43 pm
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
is version 9.0 affected?
blackmetalcouk's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux 2.6.9-22.0.1.ELsmp / Apache 1.3.34 / MySQL 4.0.25 / PHP 4.4.0 / Current 9 CVS
|
|
| Back to top |
|
|
tank
Gold Supporter
Offline
Joined: Apr 20, 2004
Posts: 824
Location: Houston, Texas USA
|
Posted: Mon Dec 27, 2004 10:20 pm
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
| blackmetalcouk wrote: |
| is version 9.0 affected? |
as it states on the home page 9.0 is not effected by the highlight hack
_________________
Search is your friend
tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1
|
|
| Back to top |
|
|
run0
Supporter
Offline
Joined: Jun 28, 2004
Posts: 1559
|
Posted: Tue Dec 28, 2004 3:38 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
_________________
run0's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33 (Unix)/4.0.22-standard/4.3.9/DF 9.x
|
|
| Back to top |
|
|
shimon
Nice poster
Offline
Joined: Jul 25, 2004
Posts: 146
|
Posted: Tue Dec 28, 2004 4:09 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
oh ows i feel sorry for the people who went on and are not by the server to fix this
_________________
/media/internet
shimon's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
GNU/Debian / Apache 2.latest / MySQL 4.latest / PHP 4.latest / CPGNuke CVS
|
|
| Back to top |
|
|
Śyama_Dāsa
Developer
Offline
Joined: Apr 19, 2004
Posts: 2048
Location: Dragonfly CMS Tribe
|
Posted: Tue Dec 28, 2004 4:13 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
While this wont help for other variants or help secure unsecure sites, this helps cut down the traffic created by the current worm
add to .htaccess (requires mod rewrite)
| Code:: |
#Check for Santy Worms and redirect them to 404
#Variant -1
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
#Variant -2
RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
#Variant -3
RewriteCond %{QUERY_STRING} rush=([^&]+) [NC]
RewriteRule ^.*$ [F] |
this script is a variant on Raven's
thanks raven
_________________
AKA Akamu / Read these and your life will be successful | Find a Repair
--
Mods and Professional Support via YIM
Śyama_Dāsa's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
win32 / Apache 1.3.33 / MySQL 4.1.16/PHP 4.4/CPG-CVS ( browsers: Mozilla 1.7.x / IE6 / Opera 8.0)
|
|
| Back to top |
|
|
xfsunoles
XHTML Specialist
Offline
Joined: Apr 30, 2004
Posts: 2502
Location: Melbourne, Florida
|
Posted: Tue Dec 28, 2004 5:14 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
akamu, that doesn't block wget.
_________________
Firefox is my Favorite Browser
xfsunoles's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Apache/1.3.34 (Unix)/4.0.25-standard/4.4.1/CVS
|
|
| Back to top |
|
|
Stephen
Silver Supporter
Offline
Joined: Apr 21, 2004
Posts: 734
|
Posted: Tue Dec 28, 2004 5:16 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
This is the latest, ravenphpscripts.com/po...html#29267
A cheap solution is to rename wget. Or just chmod it so only root can use it. And other files in /bin
/edit
Also see this, cpgnuke.com/Forums/vie...html#39384
Stephen's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Cent OS :: 1.3.34 :: 4.1.13 :: 4.4.2 :: CVS
|
|
| Back to top |
|
|
Jeruvy
Security Team
Offline
Joined: Apr 23, 2004
Posts: 1432
Location: Canada
|
Posted: Thu Dec 30, 2004 1:46 am
Post subject: Re: Phpbb Security Vulnerablity - is CPG Nuke affected? |
|
Better to create a special user with root privileges (suid) JUST for wget and then disable it for all other users.
Additionally, why would your server every run wget in the first place?
Oh nevermind, I know that answer already 
_________________
J.
j e r u v y a t y a h o o d o t c o m
Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net
Jeruvy's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}
|
|
| Back to top |
|
|
|
|
Forum FAQ
Log in to check your private messages
Login
Search
