You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 431 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Reminder to Upgrade to BBtoNuke 2.0.11
SecuritySanty Worm Spreads Through phpBB Forums (21 Dec 2004)

Thousands of servers hosting phpBB forums have been defaced today by a worm that exploits a security hole in the popular bulletin board program.

The Santy worm is written in Perl, and exploits a flaw in a file called viewtopic.php that allows an SQL injection exploit, in which SQL database commands typed into a web form can be executed. The worm defaces the web site with the phrase "This site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites to attack, apparently using Google to locate the target viewtopic.php files.

A Google search for the file currently returns more than 4 million results, while an MSN search lists more than 37,000 appearances of the defacement. Internet security firms are issuing public requests for Google to block these searches to limit the spread of the worm.

The viewtopic.php security hole in phpBB is fixed in version 2.0.11, which has been available for more than a month. The security hole is different from a phpBB exploit published earlier this week that targets a flaw in the PHP scripting language...

News Source: Netcraft (Full Text)
BBtoNuke 2.0.11: Nuke Resources - Downloads
Posted on Wednesday, December 22 @ 01:43:51 CET by VinDSL
 
Related Links
· Computer Cops
· More about Security
· News by VinDSL


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 5
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Reminder to Upgrade to BBtoNuke 2.0.11 (Score: 1)
by sandman229 on Wednesday, December 22 @ 15:03:34 CET
(User Info | Send a Message)
I got hit by this virus but I had to upgrade the MS-analysis to 2.11, which what this virus hit. It didn't hit viewtopic.php. The only way I had to fix this was upgrade MS-analysis.



Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.132 Seconds - 171 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::