Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online Now
2 registered members (JAISP, mmkk), 56 guests, and 379 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
Posts: 25
Joined: November 2012
Show All Member Profiles 
Top Posters(30 Days)
Gizmo 12
M4TT 9
Ruben 8
mmkk 4
FREAK 3
isaac 3
Latest Photos
Chinese Buddhist temple.
My buddha beads.
Rendered Walls
Multi-Screen wallpaper
Stockholm Metro
Previous Thread
Next Thread
Print Thread
[NOTABUG] Net.Worm.Perl.Santy-A #113880
12/21/04 06:15 PM
12/21/04 06:15 PM
Joined: Sep 2004
Posts: 1
H
Hertz Offline OP
stranger
Hertz  Offline OP
stranger
H
Joined: Sep 2004
Posts: 1
We've had 6.7.2 breached by this worm:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1036174,00.html

The only crucial file it got was ultimatebb.php, but that's enough to bring down most the board....

Any suggestions?

Express Hosting
Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."
Re: [NOTABUG] Net.Worm.Perl.Santy-A #113881
12/21/04 06:27 PM
12/21/04 06:27 PM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
David Dreezer  Offline

Pooh-Bah
Joined: Jul 2006
Posts: 2,199
UBB.classic is not a vector for this worm - it only infects phpBB boards.

The worm, once attached to the board, proceeds to scour the server for writable files with certain extensions, which then proceed to get overwritten with the worm's message.

Your server has a phpBB running on it somewhere that was infected, and proceeded to jump boundaries into your account (and surely everyone else's on that server) and do its work.

Again, there is no way for UBB.classic (or UBB.threads) to be a vector for this worm.


This thread for sale. Click here! [Linked Image]
Re: [NOTABUG] Net.Worm.Perl.Santy-A #113882
12/26/04 08:00 PM
12/26/04 08:00 PM
Joined: Aug 2004
Posts: 28
U
Unnet Board Guy Offline
newbie
Unnet Board Guy  Offline
newbie
U
Joined: Aug 2004
Posts: 28
Hi Charles and brushiefish,

I had two ubb.classic forums that are no longer up because of something ? I'm not certain if it's this worm or not, but I've taken them both down and had to have the server re-built. I wasn't using a php database or anything else that I think could have been compromised. Just html and the ubb classic forum. I'm not an expert by any means but .... there it is.

Re: [NOTABUG] Net.Worm.Perl.Santy-A #113883
12/27/04 01:20 PM
12/27/04 01:20 PM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
David Dreezer  Offline

Pooh-Bah
Joined: Jul 2006
Posts: 2,199
It is unlikely that the worm was the cause unless the file destruction matches that which is described in the article posted above.


This thread for sale. Click here! [Linked Image]
Re: [NOTABUG] Net.Worm.Perl.Santy-A #113884
12/28/04 10:25 AM
12/28/04 10:25 AM
Joined: Aug 2004
Posts: 28
U
Unnet Board Guy Offline
newbie
Unnet Board Guy  Offline
newbie
U
Joined: Aug 2004
Posts: 28
Hi Charles,

Thank you for your reply. You may want to read this article:

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,98553,00.html?from=homeheads

Sincerely

Re: [NOTABUG] Net.Worm.Perl.Santy-A #113885
12/28/04 10:26 AM
12/28/04 10:26 AM
Joined: Aug 2004
Posts: 28
U
Unnet Board Guy Offline
newbie
Unnet Board Guy  Offline
newbie
U
Joined: Aug 2004
Posts: 28
::
Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software (see story). However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts, experts at K-OTik Security in Montpellier, France, warned.

Re: [NOTABUG] Net.Worm.Perl.Santy-A #113886
12/28/04 02:32 PM
12/28/04 02:32 PM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
David Dreezer  Offline

Pooh-Bah
Joined: Jul 2006
Posts: 2,199
No Infopop products are vulnerable to any existing version of the Santy worm.


This thread for sale. Click here! [Linked Image]

Shout Box
Today's Birthdays
No Birthdays
Recent Topics
Users Unable to Upload Avatar [Not a Bug]
by M4TT. 12/13/17 08:51 AM
Shout Box Sound Effect
by M4TT. 11/29/17 08:28 PM
Ad island
by TGCsanderson. 11/25/17 06:41 PM
Taking to long to connect to DB
by AstroCat. 11/24/17 12:34 PM
Forum Statistics
Forums36
Topics35,015
Posts190,544
Members12,045
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.1
(Snapshot build 20171106)