Regarding Sanity.A Worm + Other phpBB Exploits

All updates to the site will be posted here.

battye
Site Admin
Posts: 14391
Joined: Sun Jan 11, 2004 8:26 am
Location: Australia

As per this post, yes, there is a vulnerability within phpBB (the software this forum is run off) that can allow hackers, or in some cases a worm, to remotely execute code on the board. I won't go into too much detail, but basically it had complete control over your server once the executed code was carried out. Potentially, a whole database of posts could have been deleted. To prevent this from happening I installed a patch which I have been told was sufficient, but should only be used for temporary use. Therefore phpBB has been upgraded to 2.0.11 (the latest stable release).

This not only fixes the vulnerability, but also some other issues, such as Visual Confirmation. Lately I have noticed many spambots registering on our site with links to porn / rape sites etc. (which accounts I have banned + link removed). The Visual Confirmation requires users to enter the letters / numbers they see (much like Hotmail) to continue; of course, bots can't do this.

As other administrators are doing, I urge anyone here that has a phpBB forum to upgrade; anything below 2.0.11 is simply unsafe. To upgrade your forum, visit the following links and see what suits your needs. If you have Modifications installed, visit http://www.phpbb.com/phpBB/catdb.php?cat=48 (only applicable if you use 2.0.5 or above); if you do not, get the Changed Files package from http://prdownloads.sourceforge.net/phpb ... p?download
If you have any problems with that I'll be more than happy to help you :)
CricketMX.com in 2022: Still the home of bat's, rat's and other farmyard animals!

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
Rat
Drain Brain
Posts: 4475
Joined: Mon Jun 14, 2004 9:38 am
Location: in the dark

Thanks for the info, battye... Looks like I'm going to need some help then. The little zip for those of us with mods installed contains the usual mod instructions. It says to upload the file usercp_confirm.php to includes (done) and then gives what appears to be a lot of code changes. It doesn't say which files to put them in. I assumed that meant (since it also says "The two files can be found within the phpBB Archive itself.") that the changes are already made and that they're listed there for information. I guess I assumed incorrectly, because I then uploaded and ran the updater... which has three errors and dies. Where are the changes supposed to go? Where does it say? I'm a little puzzled.
For now, I have removed the updater.
Vladd44
Know-It-All
Posts: 100
Joined: Sun Feb 22, 2004 12:32 pm

I assume you are wanting to update http://www.rat-hole.org/phpBB2/index.php

http://www.phpbbhacks.com/forums/viewtopic.php?t=40590

The above link shows the physical things that need to be changed step by step.

I would advise you to consider using phpedit to edit the PHP files. Not needed, but definitely the easiest.
http://www.waterproof.fr/ <--- for phpedit
The avalanche has already started, it is to late for the pebbles to vote. - Kosh
battye
Site Admin

And following on from Vladd,

Did you use the changed files or the step-by-step, Rat? Because you have a few MODs you might be better off with the step-by-step. Whenever it says ---- [OPEN] ---- it will list the file; that's the file you edit :)

http://www.cricketmx.com/phpbb.php
About 3/4 of the way down are instructions on actions you will find in the update file. :)
Rat
Drain Brain

Thanks Vladd... that link is useful. I tried phpedit once and found that it basically hates everything to do with my system. It will either not completely install or install with errors. Not to my taste. The support team were very eager to help but unsuccessful.

Battye, I was using the step by step file you linked to above... only, the instructions are not evident. The web page linked by Vladd is by far superior.

If anyone else is having trouble, my advice would be to follow Vladd's link. :)
battye
Site Admin

I've placed a mod_rewrite (Apache) rule in place so the crawlers won't reach our forum. It's already working!

For those who want to add the mod_rewrite code, use the following (Originally written by rcardona of phpBB.com):

Copy the following code:

RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{HTTP_COOKIE} s:(.*):\%22test1\%22\%3b
RewriteRule ^.*$   -   [F,L]
And paste it in a blank Notepad file, save it as: .htaccess (Dot htaccess)

Upload that file to your forum, or any higher level. The higher the level, the more files / folders it will protect. It will only work if you run Apache, but it may not work even if you do, as Apache may not support rewrite rules. If it doesn't support them you will receive an error message, in which case you have to remove the file.

Information from: http://www.phpbb.com/phpBB/viewtopic.php?t=249010
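The rewrite rule in the post above can be checked offline before it goes onto a live forum. The following Python script is an added example for this thread, not code from the original post, from rcardona, or from phpBB: it mirrors the two RewriteCond patterns as Python regexes, answers whether a given raw query string or Cookie header would be refused with a 403, and scans a few Apache combined-format access-log lines for the same highlight=%2527 signature, so an administrator can see probes that arrived before the rule was in place and the 403 responses it produces afterwards. The log lines, IP addresses and timestamps are constructed samples.

```python
r"""Offline check of the phpBB worm-blocking mod_rewrite rule quoted above.

Added example for this thread; not code from the original post, from rcardona,
or from phpBB. It mirrors these two RewriteCond lines:

    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
    RewriteCond %{HTTP_COOKIE}  s:(.*):\%22test1\%22\%3b
    RewriteRule ^.*$ - [F,L]

mod_rewrite matches the raw, still percent-encoded query string and Cookie
header, so the patterns look for the literal text "%2527" (a double-encoded
single quote) and "%22test1%22%3b". Log lines, addresses and timestamps below
are constructed samples, not real traffic.
"""
import re

# The backslash before % in the .htaccess file only stops mod_rewrite from
# treating % as a variable or back-reference marker; the regexes themselves
# are just these.
QUERY_SIG = re.compile(r"^(.*)highlight=%2527")
COOKIE_SIG = re.compile(r"s:(.*):%22test1%22%3b")


def rule_blocks(query_string, cookie_header="", nocase=False):
    """Return True when the rule would refuse the request with 403 (flag [F]).

    The two conditions are joined with [OR], so either match is enough.
    nocase=True emulates adding the [NC] flag to both RewriteCond lines;
    without it the comparison is case-sensitive, exactly as in the rule.
    """
    flags = re.IGNORECASE if nocase else 0
    query_hit = re.search(QUERY_SIG.pattern, query_string, flags)
    cookie_hit = re.search(COOKIE_SIG.pattern, cookie_header, flags)
    return bool(query_hit or cookie_hit)


# Apache "combined" log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)


def scan_access_log(lines):
    """Return (ip, time, target, status) for each request carrying the worm's
    query-string signature. Run it before deploying the rule to see whether the
    board is being probed, and afterwards to confirm the probes now get 403."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = m.group("target")
        query = target.partition("?")[2]  # empty string when there is no '?'
        if QUERY_SIG.search(query):
            hits.append((m.group("ip"), m.group("time"), target, int(m.group("status"))))
    return hits


# Constructed sample log; the two 203.0.113.9 entries show the same probe
# before and after the .htaccess rule was uploaded.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Dec/2004:10:01:12 +1100] "GET /phpBB2/viewtopic.php?t=1234&highlight=apache HTTP/1.1" 200 8123 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [21/Dec/2004:10:02:45 +1100] "GET /phpBB2/viewtopic.php?t=1&highlight=%2527 HTTP/1.0" 200 9901 "-" "-"',
    '203.0.113.9 - - [21/Dec/2004:10:09:03 +1100] "GET /phpBB2/viewtopic.php?t=2&highlight=%2527 HTTP/1.0" 403 301 "-" "-"',
    '192.0.2.4 - - [21/Dec/2004:10:10:00 +1100] "GET /phpBB2/index.php HTTP/1.1" 200 15002 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, target, status in scan_access_log(SAMPLE_LOG):
        verdict = "blocked" if status == 403 else "SERVED (rule not yet active?)"
        print(f"{when} {ip} {target} -> {status} {verdict}")
```

Two things worth knowing when reading the output: mod_rewrite compares against the raw, undecoded query string, so an ordinary search for the word "apache" is not touched, and RewriteCond patterns are case-sensitive unless they carry the [NC] flag, which the nocase parameter emulates so the rule's exact coverage can be tested rather than assumed.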
Rat
Drain Brain

I should point out that if you're not running on Apache, or if you already have .htaccess files in higher levels, you may cause a misconfiguration error (error 500) which would prevent users reaching your site. If that happens, don't worry... just delete the file. No harm done. :)
battye
Site Admin

I have .htaccess files in higher levels and they still work.
Rat
Drain Brain

I said 'may', not 'will', Mr battye sir. :D
battye
Site Admin

ok :)
Red XIII
Sultan Ruler Of The Poles!
Posts: 8317
Joined: Sun Feb 01, 2004 5:28 am
Location: Cheese Head

Is this the first forum virus that has tried to sneak in here?
The deceased will rise again in a river of blood
battye
Site Admin

There are different variants of it, but hopefully it can't get in through: phpBB 2.0.11, Mod Rewrite Condition, PHP Patch :)
Red XIII
Sultan Ruler Of The Poles!

If it does, what happens? We get ads here too?
battye
Site Admin

What are you talking about? :?

#1 The chances of it happening are very slim
#2 You'd get a defaced message
Red XIII
Sultan Ruler Of The Poles!

oh ok...