Previous Thread
Next Thread
Print Thread
Hop To
Joined: Sep 2004
Posts: 1
H
stranger
stranger
H Offline
Joined: Sep 2004
Posts: 1
We've had 6.7.2 breached by this worm:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1036174,00.html

The only crucial file it got was ultimatebb.php, but that's enough to bring down most the board....

Any suggestions?

Joined: Jul 2006
Posts: 2,143
Pooh-Bah
Pooh-Bah
Joined: Jul 2006
Posts: 2,143
UBB.classic is not a vector for this worm - it only infects phpBB boards.

The worm, once attached to the board, proceeds to scour the server for writable files with certain extensions, which then proceed to get overwritten with the worm's message.

Your server has a phpBB running on it somewhere that was infected, and proceeded to jump boundaries into your account (and surely everyone else's on that server) and do its work.

Again, there is no way for UBB.classic (or UBB.threads) to be a vector for this worm.


This thread for sale. Click here! [Linked Image from navaho.infopop.cc]
Joined: Aug 2004
Posts: 28
U
newbie
newbie
U Offline
Joined: Aug 2004
Posts: 28
Hi Charles and brushiefish,

I had two ubb.classic forums that are no longer up because of something ? I'm not certain if it's this worm or not, but I've taken them both down and had to have the server re-built. I wasn't using a php database or anything else that I think could have been compromised. Just html and the ubb classic forum. I'm not an expert by any means but .... there it is.

Joined: Jul 2006
Posts: 2,143
Pooh-Bah
Pooh-Bah
Joined: Jul 2006
Posts: 2,143
It is unlikely that the worm was the cause unless the file destruction matches that which is described in the article posted above.


This thread for sale. Click here! [Linked Image from navaho.infopop.cc]
Joined: Aug 2004
Posts: 28
U
newbie
newbie
U Offline
Joined: Aug 2004
Posts: 28
Hi Charles,

Thank you for your reply. You may want to read this article:

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,98553,00.html?from=homeheads

Sincerely

Joined: Aug 2004
Posts: 28
U
newbie
newbie
U Offline
Joined: Aug 2004
Posts: 28
::
Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software (see story). However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts, experts at K-OTik Security in Montpellier, France, warned.

Joined: Jul 2006
Posts: 2,143
Pooh-Bah
Pooh-Bah
Joined: Jul 2006
Posts: 2,143
No Infopop products are vulnerable to any existing version of the Santy worm.


This thread for sale. Click here! [Linked Image from navaho.infopop.cc]

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Profile avatar storage settings
by SenecaFlyer - 12/05/2024 1:24 PM
Not allowing attachment over 2m
by ehill - 12/03/2024 3:16 PM
New Admin Here
by SenecaFlyer - 12/02/2024 4:14 PM
Who's Online Now
2 members (Ruben, Gizmo), 1,116 guests, and 116 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.1
(Snapshot build 20240918)