No announcement yet.

How to avoid being damaged by the phpBB worm

  • Filter
  • Time
  • Show
Clear All
new posts

  • How to avoid being damaged by the phpBB worm

    As many of you will be aware, sites running phpBB have been dropping like flies over the past few days, due to a vulnerability in older versions of phpBB.

    BBC news article

    While vBulletin itself is not vulnerable to attack, if your vBulletin is installed on a shared server that also hosts vulnerable phpBB boards, you could find that your board suffers collateral damage from the phpBB attacks.

    If the phpBB vulnerability is attacked, it will attempt to replace every .htm, .php and .asp file with a defaced version.

    If your vBulletin could possibly be installed on a server also hosting vulnerable phpBB boards, we would recommend that you take a few moments to ensure that your script files are not globally writable.

    On a unix/linux server, this would involve using 'chmod' to alter the file permissions for all .php, .htm and .asp files to 644.

    File permissions can be set via most FTP clients, or if you have SSH access to your server, you can use the following commands:
    cd [i]/path/to/your/vbulletin[/i]
    chmod -R 644 *.php
    chmod -R 644 *.htm
    chmod -R 644 *.asp
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.