Announcement

Collapse
No announcement yet.

just got hacked!!!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • just got hacked!!!

    hey I just got hacked!!! All of my files were changed to this:

    This site is defaced!!!

    NeverEverNoSanity WebWorm generation 11.
    What caused this? do any of you know?
    http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

  • #2
    http://www.msnbc.msn.com/id/6742668/
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud customization and demonstration site.
    vBulletin 5 Documentation - Updated every Friday. Report issues here.
    vBulletin 5 API - Full / Mobile
    I am not currently available for vB Messenger Chats.

    Comment


    • #3
      Means a phpBB installed somewhere on your server was hacked.,
      Scott MacVicar

      My Blog | Twitter

      Comment


      • #4
        Do you run phpBB aside your vBulletin installation?

        Comment


        • #5
          yes one of my friends runs php on my account... I just upgraded phpbb Also my host had a back up so I am back to normal and if this happens again I am saying goodbye to my friends site \

          Thanks for the info!
          http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

          Comment


          • #6
            Originally posted by JPT62089
            yes one of my friends runs php on my account... I just upgraded phpbb Also my host had a back up so I am back to normal and if this happens again I am saying goodbye to my friends site \

            Thanks for the info!
            I'd shut it down and remove the files temporarily until phpBB fixes this... or did they already? Seeing as how you said you updated it already then they might have fixed it

            MGM out

            Comment


            • #7
              I don't follow phpBB, but apparently it was fixed in November with 2.0.11.

              Comment


              • #8
                yup it is now running on phpbb 2.0.11 so I should be safe for a bit lol
                http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

                Comment


                • #9
                  The exploit uses a hole in php. It just so happens the worm targets phpbb intstalls. It probably won't be long before they target other forum software.
                  Time to upgrade php everyone if you haven't already.
                  Admins Zone - Resources for Forum Administrators

                  Comment


                  • #10
                    Originally posted by AWS
                    The exploit uses a hole in php.
                    Actually, it uses a bug that was in phpBB's "highlight" function, not the serialize/unserialize bug that was recently announced for php.

                    From http://isc.sans.org/diary.php?date=2004-12-21:

                    "As part of our first post on this, we speculated that the worm may be using one of the recent problems in php to spread. After getting a hold of the code, it turned out that it is specific to phpBB and only uses the highlight vulnerability in phpBB."
                    Time to upgrade php everyone if you haven't already.
                    A good idea, in any case.
                    AikiWeb Aikido Information

                    Comment


                    • #11
                      I just read The Reg and seen it was a phpbb exploit and not a php exploit that was reported last night.
                      In any case exploiting security holes in forum software just took a turn for the worse.
                      Admins Zone - Resources for Forum Administrators

                      Comment


                      • #12
                        Originally posted by AWS
                        I just read The Reg and seen it was a phpbb exploit and not a php exploit that was reported last night.
                        In any case exploiting security holes in forum software just took a turn for the worse.
                        The exploit is so serious that you give remote access to do whatever you want on the shell. For example, edit, replace and remove files. Which is exactly what this worm did.
                        It is a worm because it used Google to spider for phpBB powered sites and then exploit it.

                        Comment


                        • #13
                          vBulletin had these holes once apon a time too but we sorted ours several years ago in 2.0.0 beta series in 2001.
                          Scott MacVicar

                          My Blog | Twitter

                          Comment


                          • #14
                            Originally posted by Scott MacVicar
                            vBulletin had these holes once apon a time too but we sorted ours several years ago in 2.0.0 beta series in 2001.
                            Do you have a security audit done on the code before major releases?
                            Admins Zone - Resources for Forum Administrators

                            Comment


                            • #15
                              I think I remember reading something about this long ago, and if I recall correctly this was the case (then).

                              No idea how it's handled now...



                              (then again I might be wrong )
                              Best Regards
                              Colin Frei

                              Please don't contact me per PM.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X