RE: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-23 Thread Paul Laudanski
On Thu, 23 Dec 2004, Patrick Nolan wrote: > A bot is not uploaded, not sure where that came from. > And by now, it is not expected to be spreading at all, thanks to the > interruption in search requests by Google. There are a couple posts going on about this, for instance take this article: htt

RE: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-23 Thread Patrick Nolan
> -Original Message- > On Behalf Of Willem Koenings > Subject: Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums > > Mark wrote: > > > This exploit is becoming frequent. Normally uploading a ddos bot. > > what kind of a bot is uploaded? does anyone hav

[Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-23 Thread Mattias R. Lindgren
There is a workaround posted http://forums.ir0x0rz.com/viewtopic.php?t=34 I'm hoping this will be enough to protect phpBB installs. ~M -Original Message- From: M. Shirk [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 5:53 PM To: [EMAIL PROTECTED] Cc: full-disclosure@lists.net

Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-22 Thread Willem Koenings
Mark wrote: > This exploit is becoming frequent. Normally uploading > a ddos bot. what kind of a bot is uploaded? does anyone have a sample to contribute me? W. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-

[Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-21 Thread David Devault
Net Worm Uses Google to Spread http://it.slashdot.org/it/04/12/21/2135235.shtml?tid=220&tid=217&tid=169 -Original Message- From: Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 10:28 AM To: [EMAIL PROTECTED]; L. Walker Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.c

[Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-21 Thread M. Shirk
I missed an important "F" on my previous post for these snort sigs. alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE phpBB Highlighting Code Execution - Santy.A Worm"; flow:to_server,established; uricontent:"/viewtopic.php?"; nocase; uricontent:"&highlight='.fwrite(fopen(

[Full-Disclosure] Re: Worm hitting PHPbb2 Forums

2004-12-21 Thread mark
Front what I have read, this can happen in any phpbb version lower than 2.0.11 This exploit is becoming frequent. Normally uploading a ddos bot. Mark Quoting "L. Walker" <[EMAIL PROTECTED]>: > Just spotted two clients hit by this. One client didnt update his > software (PHP 4.3.4, Apache 1.3.

[Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-21 Thread Mike
Does this affect PHPBB2 in general, or is it platform specific as well? Mike Fetherston > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 21, 2004 12:47 PM > To: L. Walker > Cc: [EMAIL PROTECTED]; full-disclosure@lists.netsys.com > Subject:

[Full-Disclosure] RE: Worm hitting PHPbb2 Forums

2004-12-21 Thread Christopher Adickes
In addition to your post here is some more info. http://isc.sans.org/ -Original Message- From: L. Walker [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 21, 2004 4:23 AM To: [EMAIL PROTECTED] Cc: full-disclosure@lists.netsys.com Subject: Worm hitting PHPbb2 Forums Importance: High