Net worm using Google to spread

[Hope]

A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

http://news.zdnet.com/2100-1009_22-5499725.html?tag=nl.e589

[SensoVision]

wow, seems that hackers become more and more inventive in their ways to hack into the sites. Too bad that it appear close to X-mas time and would certanly ruin humor of forum admins who's sites were defaced I need to write to my friends using phpBB to warn them about this issue.

[SensoVision]

just find another thread about this here http://forum.weblamp.net/index.php?topic=3554.0
usually I would merge them or delete one, but as for now I decide to leave both, who knows maybe it would save someone from defacing of his or her phpBB powered forum.

[spherica]

Here is the actual fix to stop this worm, you really should upgrade to phpbb version 2.0.11, but if you can't figure it out, at the VERY LEAST, make this change

Open viewtopic.php in any text editor. (I use TextPad, its free for trial) Find this bit of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

   for($i = 0; $i < sizeof($words); $i++)
   {

and replace with:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

   for($i = 0; $i < sizeof($words); $i++)
   { 

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

[webspace]

Thanks for the email.

That was a quick fix.




Just a note few newbies to php. (Like Me)

That took about 10 mintues, mostly because couldn't find the bit of code within the viewtopic.php file. I recomend using the "find and replace" option in whichever editor you use.

[SensoVision]

it's really nice to that our mail saved your board from hacking. Thanks once again to Hope who have warned us about this, and Seph who have post quick fix to this problem!

[spherica]

Don't just fix your phpbb board, you should contact your hoster, and make sure they know.

I fixed all my phpbb forums on a friends hoster, and told him to contact anyone that used it alos, and if he had no responce, that he himself should make the fix.

Too late, every site on the server got dumped. SWo he had a 2 day old backup, and....... about an hour later, some where starting to get effected again...he now fixed all the phpbb forums.  It a pretty nasty worm.

[carpmad]

thanks for the email i cant think of any other sites that would do that
verry easy to stop that was handy lol
hope you all have a great christmas and new year
take care all
carpmad