Regarding Sanity.A Worm + Other phpBB Exploits

Postby battye » Thu Dec 23, 2004 9:35 am

As per this post, yes, there is a vulnerability within phpBB (the software this forum runs on) that can allow hackers, or in some cases a worm, to remotely execute code on the board. I won't go into too much detail, but basically it had complete control over your server once the executed code was carried out. Potentially, a whole database of posts could have been deleted. To prevent this from happening I installed a patch which I have been told was sufficient, but should only be used temporarily. Therefore phpBB has been upgraded to 2.0.11 (the latest stable release). This not only fixes the vulnerability, but also some other issues, such as Visual Confirmation.

Lately I have noticed many spambots registering on our site with links to porn / rape sites etc. (which accounts I have banned and links removed). Visual Confirmation requires users to enter the letters / numbers they see (much like Hotmail) to continue; of course bots can't do this.

As other administrators are doing, I urge anyone here who has a phpBB forum to upgrade; anything below 2.0.11 is simply unsafe. To upgrade your forum, visit the following links and see what suits your needs. If you have Modifications installed, visit http://www.phpbb.com/phpBB/catdb.php?cat=48 (only applicable if you use 2.0.5 or above); if you do not, get the Changed Files package from http://prdownloads.sourceforge.net/phpb ... p?download
If you have any problems with that I'll be more than happy to help you :)
CricketMX.com.. home of bat's, rat's and other farmyard animals...
My articles: view all articles by battye

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
battye
Site Admin
Posts: 14270
Joined: Sun Jan 11, 2004 8:26 am
Location: Victoria Falls, Zimbabwe

Postby Rat » Fri Dec 24, 2004 8:36 am

Thanks for the info battye..... Looks like I'm going to need some help then. The little zip for those of us with mods installed contains the usual mod instructions. It says to upload the file usercp_confirm.php to includes (done) and then gives what appears to be a lot of code changes. It doesn't say which files to put them in. I assumed that means (since it also says "The two files can be found within the phpBB Archive itself.") that the changes are already made and that they're listed there for information. I guess I assumed incorrectly because I then uploaded and ran the updater... which has three errors and dies. Where are the changes supposed to go? Where does it say? I'm a little puzzled.
For now, I have removed the updater.
Rat
Drain Brain
Posts: 4398
Joined: Mon Jun 14, 2004 9:38 am
Location: in the dark

Postby Vladd44 » Fri Dec 24, 2004 4:44 pm

I assume you are wanting to update http://www.rat-hole.org/phpBB2/index.php

http://www.phpbbhacks.com/forums/viewtopic.php?t=40590

The above link shows the physical things that need to be changed, step by step.

I would advise you to consider using PHPEdit to edit the PHP files. Not needed, but definitely the easiest.
http://www.waterproof.fr/ <--- for PHPEdit
The avalanche has already started, it is to late for the pebbles to vote. - Kosh
Vladd44
Know-It-All
Posts: 100
Joined: Sun Feb 22, 2004 12:32 pm

Postby battye » Sat Dec 25, 2004 2:16 am

And following on from Vladd,

Did you use the changed files or the step-by-step, Rat? Because you have a few MODs you might be better off with the step-by-step. Whenever it says ---- [OPEN] ---- it will list the file; that's the file you edit :)

http://www.cricketmx.com/phpbb.php
About 3/4 of the way down are instructions on actions you will find in the update file. :)

Postby Rat » Mon Dec 27, 2004 7:52 am

Thanks Vladd... that link is useful. I tried phpedit once and found that it basically hates everything to do with my system. It will either not completely install or install with errors. Not to my taste. The support team were very eager to help but unsuccessful.

Battye, I was using the step by step file you linked to above... only, the instructions are not evident. The web page linked by Vladd is by far superior.

If anyone else is having trouble, my advice would be to follow Vladd's link. :)
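
The update file Rat and battye are discussing is written as a sequence of actions: an [OPEN] block naming a file, then FIND / REPLACE WITH / AFTER, ADD blocks that describe each edit. As an added example, not from the original thread or from phpBB itself, here is a dry-run applier in Python for that action format. It assumes the phpBB MOD Template header spelling (#-----[ OPEN ]-----, #-----[ FIND ]----- and so on), works on in-memory copies so nothing on disk changes, and refuses to continue when a FIND block is absent, which is exactly what a MOD-altered file produces, rather than silently skipping the step. The sample file contents and instruction text are constructed for illustration.

```python
"""Dry-run applier for phpBB 2.0.x MOD-template style update instructions.

Added example, not from the original thread or phpBB. Assumes the step-by-step
file uses the phpBB MOD Template action headers (an assumption):
    #-----[ OPEN ]----   #-----[ FIND ]----   #-----[ REPLACE WITH ]----
    #-----[ AFTER, ADD ]----   #-----[ BEFORE, ADD ]----   #-----[ SAVE/CLOSE ALL FILES ]----
"""
import re
from typing import Dict, List, Optional, Tuple

# A header line: '#', dashes, '[', the action name, ']', more dashes.
HEADER_RE = re.compile(r'^#-+\[\s*(?P<action>[A-Z/, -]+?)\s*\]-*\s*$')


def parse_instructions(text: str) -> List[Tuple[str, str]]:
    """Return (ACTION, body) pairs; a body keeps its indentation but loses
    surrounding blank lines and the lone '#' lines the template puts under headers."""
    actions: List[Tuple[str, str]] = []
    action: Optional[str] = None
    body: List[str] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if action is not None:
                actions.append((action, "\n".join(body).strip("\n")))
            action, body = m.group("action").strip(), []
        elif action is not None and line.strip() != "#":
            body.append(line)
    if action is not None:
        actions.append((action, "\n".join(body).strip("\n")))
    return actions


def apply_instructions(files: Dict[str, str], instructions: str) -> Dict[str, str]:
    """Apply the edits to copies of `files` (path -> contents) and return the copies.

    Raises ValueError instead of guessing: unknown file, FIND text missing or
    ambiguous, an edit without a FIND, or an action this applier does not know."""
    out = dict(files)  # caller's dict and strings are never modified
    current: Optional[str] = None
    find: Optional[str] = None
    for action, body in parse_instructions(instructions):
        if action == "OPEN":
            current, find = body.strip(), None
            if current not in out:
                raise ValueError(f"OPEN: no such file {current}")
            continue
        if action == "SAVE/CLOSE ALL FILES":
            current, find = None, None
            continue
        if current is None:
            raise ValueError(f"{action} before any OPEN")
        if action == "FIND":
            n = out[current].count(body)
            if n == 0:
                raise ValueError(f"FIND text not present in {current}: {body!r}")
            if n > 1:
                raise ValueError(f"FIND text ambiguous ({n} matches) in {current}: {body!r}")
            find = body
            continue
        if find is None:
            raise ValueError(f"{action} without a preceding FIND")
        if action == "REPLACE WITH":
            out[current] = out[current].replace(find, body, 1)
        elif action == "AFTER, ADD":
            out[current] = out[current].replace(find, find + "\n" + body, 1)
        elif action == "BEFORE, ADD":
            out[current] = out[current].replace(find, body + "\n" + find, 1)
        else:
            raise ValueError(f"unsupported action {action!r}; apply it by hand")
        find = None  # every edit needs its own FIND, as the update files are written
    return out


# Constructed sample: a stand-in file and a three-step instruction block.
SAMPLE_FILES = {
    "includes/usercp_register.php": "<?php\n$foo = 1;\n// existing code\n$bar = 2;\n?>\n",
}
SAMPLE_INSTRUCTIONS = """\
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php

#-----[ FIND ]------------------------------------------
#
$foo = 1;

#-----[ AFTER, ADD ]------------------------------------
#
require_once('includes/usercp_confirm.php'); // constructed line

#-----[ SAVE/CLOSE ALL FILES ]--------------------------
#
"""

if __name__ == "__main__":
    for path, contents in apply_instructions(SAMPLE_FILES, SAMPLE_INSTRUCTIONS).items():
        print(f"--- {path} (dry run) ---\n{contents}")
```

Run it against a copy of your own forum tree first: a ValueError on FIND is the signal that a MOD has already changed that spot and the edit has to be merged by hand, which is the case Rat ran into with the updater.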

Postby battye » Fri Dec 31, 2004 4:28 am

I've placed a mod_rewrite (Apache) rule in place so the crawlers won't reach our forum. It's already working!

For those who want to add the mod_rewrite code, use the following (Originally written by rcardona of phpBB.com):

Copy the following code:

RewriteEngine On
# QUERY_STRING is tested before URL-decoding; %2527 is a double-encoded apostrophe (%25 -> %, then %27 -> ').
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
# Cookie carrying the serialized fragment s:<n>:"test1"; with the quotes and ; URL-encoded.
# (The original post had a stray % after %{HTTP_COOKIE}; it is harmless and is removed here.)
RewriteCond %{HTTP_COOKIE} s:(.*):\%22test1\%22\%3b
# Either condition matching returns 403 Forbidden and stops rule processing ([F,L]).
RewriteRule ^.*$   -   [F,L]


And paste it in a blank Notepad file, save it as: .htaccess (dot htaccess)

Upload that file to your forum, or any higher level. The higher the level, the more files / folders it will protect. It will only work if you run Apache, but it may not work even if you do, as Apache may not support rewrite rules. If it doesn't support them you will receive an error message, in which case you have to remove the file.

Information from: http://www.phpbb.com/phpBB/viewtopic.php?t=249010
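
Before trusting the .htaccess, it is worth knowing which requests it would actually reject. As an added example, not from the original post or from phpBB.com, the Python below re-implements the two RewriteCond tests and runs them over Apache access-log lines, so the logic can be checked offline and past log files can be searched for the same patterns. It assumes a combined LogFormat with the Cookie request header appended as a final quoted field (adjust LOG_RE to your own format); the log lines are constructed, not real traffic.

```python
"""Offline mirror of the .htaccess rule above, run over constructed Apache log lines.

Added example (not from the original post or from phpBB). Assumes a combined
LogFormat with the Cookie request header appended as a final quoted field:
    "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
Adjust LOG_RE if your LogFormat differs.
"""
import re
from typing import Dict, List, Optional, Tuple

# Same patterns as the two RewriteCond lines. QUERY_STRING is tested before any
# URL-decoding, so the double-encoded apostrophe %2527 (%25 -> '%', then %27 -> "'")
# appears literally. Both tests are case-sensitive, exactly like the rule (no [NC]).
QUERY_PATTERN = re.compile(r"highlight=%2527")
COOKIE_PATTERN = re.compile(r's:(.*):%22test1%22%3b')  # serialized s:<n>:"test1";


def matches_rule(query_string: str, cookie: str) -> bool:
    """True when the request would hit the [F] rule; either condition suffices ([OR])."""
    return bool(QUERY_PATTERN.search(query_string) or COOKIE_PATTERN.search(cookie))


LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" '
    r'"(?P<cookie>[^"]*)"$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one access-log line into fields; the query is kept raw (still encoded)."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, path, which_condition) for every line the rule would reject."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not in the expected format; skip rather than guess
        if QUERY_PATTERN.search(rec["query"]):
            hits.append((rec["ip"], rec["path"], "query"))
        elif COOKIE_PATTERN.search(rec["cookie"]):
            hits.append((rec["ip"], rec["path"], "cookie"))
    return hits


# Constructed sample lines (not real traffic); addresses are from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2004:03:11:02 +0000] "GET /phpBB2/viewtopic.php?t=12&highlight=%2527abc HTTP/1.0" 200 512 "-" "Mozilla/4.0" "-"',
    '198.51.100.23 - - [24/Dec/2004:03:12:40 +0000] "GET /phpBB2/index.php HTTP/1.1" 200 8012 "-" "Mozilla/5.0" "phpbb2mysql_data=s:5:%22test1%22%3b"',
    '192.0.2.55 - - [24/Dec/2004:03:13:05 +0000] "GET /phpBB2/viewtopic.php?t=12&highlight=patch HTTP/1.1" 200 4211 "-" "Mozilla/5.0" "phpbb2mysql_sid=abc123"',
    '192.0.2.56 - - [24/Dec/2004:03:14:19 +0000] "GET /phpBB2/search.php?search_keywords=rat%27s HTTP/1.1" 200 3000 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for ip, path, why in scan(SAMPLE_LOG):
        print(f"{ip} {path} rejected by {why} condition")
```

Two things the scan makes visible: an ordinary search containing a single-encoded apostrophe (%27) passes, so the rule does not break legitimate searching, and the rule is case-sensitive because it carries no [NC] flag, so a request sending %3B instead of %3b would pass the cookie condition even though percent-encoding hex digits mean the same thing to a decoder.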

Postby Rat » Fri Dec 31, 2004 8:15 am

I should point out that if you're not running on apache, or if you already have .htaccess files in higher levels you may cause a misconfiguration error (error 500) which would prevent users reaching your site. If that happens, don't worry... just delete the file. No harm done. :)

Postby battye » Fri Dec 31, 2004 1:33 pm

I have .htaccess files in higher levels and they still work

Postby Rat » Fri Dec 31, 2004 2:30 pm

I said 'may' not 'will' mr battye sir. :D

Postby battye » Fri Dec 31, 2004 2:39 pm

ok :)

Postby Red XIII » Fri Dec 31, 2004 6:34 pm

Is this the first forum virus that has tried to sneak in here?
The dead will rise again in a river of blood
Red XIII
Sultan Ruler Of The Poles!
Posts: 8317
Joined: Sun Feb 01, 2004 5:28 am
Location: Cheese Head

Postby battye » Fri Dec 31, 2004 6:45 pm

There are different variants of it, but hopefully it can't get in through: phpBB 2.0.11, Mod Rewrite Condition, PHP Patch :)

Postby Red XIII » Fri Dec 31, 2004 7:19 pm

If it does, what happens? We get ads here too?

Postby battye » Sat Jan 01, 2005 4:42 am

What are you talking about? :?

#1 The chances of it happening are very slim
#2 You'd get a defaced message

Postby Red XIII » Sat Jan 01, 2005 5:25 am

oh ok...
