♥ PosetteForever ♥

Hi friends, even if I have already done the necessary modifications and upgrades to the forum something strange could happen anyway, so I'm doing fresh backups of the site on a weekly basis. I suspect that all that online guest (133 yesterdays) are tries to hack the site, but they were unsucessfull till now. I hope that nothing strange will happen to the site.

These are the news:

[i:bf930d57ec]Today a lot of Webservers have been hacked by a so called "Net-Worm.Perl.Santy.a". This worm infects certain web sites by exploiting a vulnerability in phpBB. Santy.a is spreading rapidly, and has caused an epidemic. Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine. Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and phtm will be overwritten with the text 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'. Apart from defacing infected sites with this text, the worm has no pay load. It will not infect machines which are used to view infected sites. We recommend that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced[/i:bf930d57ec]
-------------------------------------------------------------------------
[i:bf930d57ec]Web search engine company Google is blocking efforts by a new Internet worm to use its search engine to find vulnerable computers on the Internet, the company announced this week.

Google is blocking searches launched by Santy.A, a new Internet worm that targets servers running phpBB, a popular electronic bulletin board software package, according to a statement from the company. Without any native ability to scan for vulnerable computers, Google's action halted Santy.A's spread, according to antivirus companies.

Santy.A targets servers running phpBB. Antivirus companies first detected the worm Tuesday, though it may have been spreading silently well before that, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.

The worm used a vulnerability in phpBB, an open source software product that is managed by the phpBB Group, to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."

A phpBB component called viewtopic.php allows malicious commands to be passed to and executed on servers that run a vulnerable version of the phpBB software. Secunia, a Copenhagen-based security company, first reported the vulnerability on November 19. An updated version of phpBB software that fixes the flaw was released on November 18.


Impact Uncertain

Estimates of the impact of the Santy worm vary widely. Searches on a beta version of Microsoft's MSN Search feature for the text used to deface sites returned over 30,000 hits. However, identical searches on other engines, including the official MSN Search engine, Yahoo, and Google search engines returned far fewer hits, ranging from 785 (MSN) to 2030 (Yahoo).

However, using searches for telltale signs of infection, such as defacement text, is an inexact way to determine the actual number of Santy infections, says Ullrich.

"Santy will only deface sites if it can overwrite files, and it may not always be able to do that based on the configuration of the Web server [running phpBB]," he says.

Also, an analysis of the Santy code revealed that the worm spread quietly for a while, infecting phpBB servers but not overwriting files and defacing the bulletin boards, Ullrich says.

The Santy worm marked some firsts, including the use of a popular search engine as part of a worm's spreading mechanism. However, the lessons to be learned from Santy's spread are already well established: keep on top of software patches and "harden" the configuration of public-facing servers by preventing users from being able to take unnecessary actions, such as overwriting files, he says.[/i:bf930d57ec]

8-[ 8-[ 8-[ 8-[ [-( There goes the neighborhood. :roll:

Posy :heartbeat: succeded to stop the evil bots 8-[ 8-[ 8-[ ...

Interesting... :-k
It is true. There is also a santy.b as well...
it looks like you would know it if the site was infected with the santy.a virus. santy.b looks like it would be a little harder to detect. However, it looks as if a current up to date phpBB is all you need for protection... :-s

santy.a
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=41176

santy.b
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=41262

I know it Landy, but upgrading from 2.06 which is the version of the site's forum to 2.11, the last and bulletproof version means tons of files to edit, and you know how I'm lazy... Actually the phpBB version I'm using here is an already modded version called "Minerva" and I made myself a lot of adds and updating, so I can't simply take the last phpBB version and upgrade the site to it because we would loose a lot of features. I applied the most critical updates and it seems we are able to resist the attacks 8-[ ... Yesterday we had a massive attack, 133 bots online at the same time :sick: ...

What I can do is to upgrade little by little to the last phpBB version...

Mhm, i hope, it will all goes right and no harm will get this site.
I hate those fu**ing guys, who make viruses and software to destroy. Those guys are bloody dumb men... :x - they don't have creativity and therefore they must destroy the h ard work of others... :x

Good luck to ya Tormie.

Don't worry PK :bigrinnin: ! I'm backing up the most valuable part of our site, the database, on a daily basis now... I can rebuild the rest but not the database...

8-[

8-[ :pray: :-k ](*,) =; :whistle: #-o

:wickedfart: :sick:

I updated my forum the other day to prevent the worm from getting it. Of course it disabled all my custom installs ](*,) :-k

It's a scary place on the net, people who have nothing better to do than cause problems for all of us who just want to enjoy it. :x
Thank you very much Davide for letting us know about this problem :)
DV, I'm sorry about your forum, I hope you can get it straigtened out soon.

:-k #-o ... (Tormie is preparing a little box with stuff for DV's forum...)

If you have some room in that box Tormie, I've got a few things to add (In case of an emergency that is)
1 rubber shicken
12 cases of Tuna Pop Tarts
5 Gallon's of my War Head Mixer
2 Freshly squeezed Tuna
13 dirty socks (Landmans)
Oh and a couple of dozen books (I need to clear some space in my living room)
:bigrinnin:

ahhhh my 13 dirty socks.... :bigrinnin:
I have the fourteenth one down my pants here, do you want it? :-s