On Thu, 23 Dec 2004, Patrick Nolan wrote:
> A bot is not uploaded, not sure where that came from.
> And by now, it is not expected to be spreading at all, thanks to the
> interruption in search requests by Google.
There are a couple posts going on about this, for instance take this
article:
htt
> -Original Message-
> On Behalf Of Willem Koenings
> Subject: Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums
>
> Mark wrote:
>
> > This exploit is becoming frequent. Normally uploading a ddos bot.
>
> what kind of a bot is uploaded? does anyone hav
There is a workaround posted at http://forums.ir0x0rz.com/viewtopic.php?t=34
I'm hoping this will be enough to protect phpBB installs.
~M
-Original Message-
From: M. Shirk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 5:53 PM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.net
Mark wrote:
> This exploit is becoming frequent. Normally uploading
> a ddos bot.
what kind of a bot is uploaded? does anyone have a sample
to contribute me?
W.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-
Net Worm Uses Google to Spread
http://it.slashdot.org/it/04/12/21/2135235.shtml?tid=220&tid=217&tid=169
-Original Message-
From: Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 10:28 AM
To: [EMAIL PROTECTED]; L. Walker
Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.c
I missed an important "F" on my previous post for these snort sigs.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE
phpBB Highlighting Code Execution - Santy.A Worm";
flow:to_server,established; uricontent:"/viewtopic.php?"; nocase;
uricontent:"&highlight='.fwrite(fopen(
From what I have read, this can happen in any phpbb version lower than 2.0.11.
This exploit is becoming frequent. Normally uploading a ddos bot.
Mark
Quoting "L. Walker" <[EMAIL PROTECTED]>:
> Just spotted two clients hit by this. One client didn't update his
> software (PHP 4.3.4, Apache 1.3.
Does this affect PHPBB2 in general, or is it platform specific as well?
Mike Fetherston
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 21, 2004 12:47 PM
> To: L. Walker
> Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.com
> Subject:
In addition to your post here is some more info.
http://isc.sans.org/
-Original Message-
From: L. Walker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 4:23 AM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com
Subject: Worm hitting PHPbb2 Forums
Importance: High