| View previous topic :: View next topic ? |
| Author |
Message |
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 321
Location: Undernet
|
 Posted: Tue Dec 21, 2004 1:52 pm?? ?Post subject: Bahamut support website cracked
|
 |
|
"This website is temporary down because the idiot admin (i.e. me) didn't update phpBB to a non exploitable version" webmaster Doc stated on the Bahamut-community.org website.
Bahamut-community.org is a website with got started to help users with this popular IRCd, and to relieve the support channel #bahamut on DALnet from FAQ's.
The website is based on the popular phpBB forum software, which recently saw an important update due to a serious exploit. Webmaster Doc stated in a reaction to IRC-Junkie: "I had been warned about it soon after it came out by several people, however I've recently just got a job and a new girlfriend, so I've had very little time for the internet :|. I guess this has taught me a lesson."
PhpBB developer psoTFX had this to say on the phpBB forum about users who still have not updated: "This is a reminder to all users to upgrade as soon as possible to 2.0.11. Remember, the issue leading to this release was extremely serious. It gave rise to the possibility for persons to "install" scripts, delete files and otherwise access your system."
The exploit used on Bahamut-community.org had overwritten all .php and .htm files. "Thankfully nothing was lost", Doc explained. "As with all websites on my server the database is backed up once a day and kept for five days, as are web files. I have chosen not to just simply restore the phpbb scripts as they would be exploitable."
The website is back online. Thanks to DesertFox for bringing this to my attention!
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
 |
ex0dus
Joined: 29 Oct 2004
Posts: 3
Location: Sydney, Aust
|
|
Posted: Tue Dec 21, 2004 11:36 pm?? ?Post subject:
|
|
|
In relation to this: http://it.slashdot.org/it/04/12/21/2135235.shtml?tid=220&tid=217&tid=169
Thought it was kinda interesting.
|
|
| Back to top |
|
|
BarkerJr
Joined: 31 Oct 2004
Posts: 29
|
|
Posted: Wed Dec 22, 2004 1:31 am?? ?Post subject:
|
|
|
That must be what alerted CERT... http://www.kb.cert.org/vuls/id/497400
Both of the websites that I administer have had their phpBB directories listed in robots.txt for months, so they're safe.
|
|
| Back to top |
|
|
BarkerJr
Joined: 31 Oct 2004
Posts: 29
|
|
Posted: Wed Dec 22, 2004 2:03 am?? ?Post subject:
|
|
|
I spoke too soon. It looks like one of my sites has a few hits:
http://barkerjr.net/tmp/santy.txt
Which seems to decode to:
system(perl -e "open OUT,q(>m1ho2of) and print q(HYv9po4z3jjHWanN)");
|
|
| Back to top |
|
|
BarkerJr
Joined: 31 Oct 2004
Posts: 29
|
|
Posted: Wed Dec 22, 2004 4:31 am?? ?Post subject: Google squashes Santy worm
|
|
|
|
http://news.zdnet.com/2100-1009_22-5500265.html
|
|
| Back to top |
|
|
|
|
???
