Forum owners beware



Badger
December 22nd, 2004, 12:47
http://www.f-secure.com/v-descs/santy_a.shtml

It says it's only affecting phpBB, but my invision board got several skins infected by it, rendering them useless.

Make some backups of your skins (I never).

Jale
December 22nd, 2004, 14:46
So my phpbb board is doomed, right? :msn_confu

Lefteris_D
December 22nd, 2004, 15:12
It says it's only affecting phpBB, but my invision board got several skins infected by it, rendering them useless.
The "Highlight Vulnerability" on phpBB was announced by the phpBB team days ago and a bugfix edition was released. Anyone that did not update their forum software just had it coming.

The bug however is not phpBB related exactly but a bug in PHP functions used by phpBB (and IPB and vb etc etc). All PHP versions prior to 4.3.10 & 5.0.3 can be exploited.

The Emulator Zone Forum (along with everything else on the server) needs no patching as PHP was updated yesterday.



So my phpbb board is doomed, right?
You have one of those "hosted" boards so your host is responsible for the updates. You can do nothing about it.

Jale
December 22nd, 2004, 15:46
You have one of those "hosted" boards so your host is responsible for the updates. You can do nothing about it.

OK, now I can live in peace :my_rambo:

Jet Set Willy
December 22nd, 2004, 16:10
You and your 1 registered user!

Jale
December 22nd, 2004, 16:30
Actually I have 2 phpbb forums. One is recent (the one you said "You and your 1 registered user!") and the other one is 1 week old and I already have 11 registered users.

Lefteris_D
December 22nd, 2004, 16:34
It does not matter. Your host still needs to update the forum.

Badger
December 22nd, 2004, 17:54
The "Highlight Vulnerability" on phpBB was announced by the phpBB team days ago and a bugfix edition was released. Anyone that did not update their forum software just had it coming.


Had it coming?

Surprisingly I don't check my forum software for updates every other day. Is this unusual or something?

Lefteris_D
December 22nd, 2004, 20:02
Had it coming?

Surprisingly I don't check my forum software for updates every other day. Is this unusual or something?
I check for updates every 3-4 days and the message was available at phpbb.com since November 18 (click (http://www.phpbb.com/phpBB/viewtopic.php?t=240636)).

As for a warning about the PHP exploits several bulletin board makers made an official announcement: phpBB (http://www.phpbb.com/phpBB/viewtopic.php?t=248046), vBulletin (http://www.vbulletin.com/forum/showthread.php?t=123531), SMF (http://www.simplemachines.org/community/index.php?topic=22008.0). There were also several user created threads in all the official board manufacturer sites.

Any person that had the ability to patch their forum software or upgrade PHP and simply did not do it had it coming.

This time it was not a hacker that did a specific attack but a worm that started attacking everything it could. That only teaches us to keep an eye on certain updates.

GHDpro
December 22nd, 2004, 20:58
Aw come on, I didn't know the problems were this severe until only a few days ago.

And while the main server software is now up-to-date on a few of my servers, I hope
there are no major bugs in the other software (FTP, SSH, Kernel, etc) as I don't exactly
check for updates for those... ever. On some servers I do occasionally run "yum update"
though, but I'm not sure how foolproof that is.

Ah well, at least I got a firewall running, which at least limits the possible hack attempts
to services that are actually used.

Lefteris_D
December 22nd, 2004, 21:33
Aw come on, I didn't know the problems were this severe until only a few days ago.
The only files that could have caused the problems were Invisionboard (gone), my forum (patched days ago!), Burning Board (almost gone) and phpMyAdmin (private directory).

If I knew you had phpBB installed (which you don't) I would have started bugging you as usual when it comes to security issues.

Badger
December 22nd, 2004, 22:02
I check for updates every 3-4 days and the message was available at phpbb.com since November 18 (click (http://www.phpbb.com/phpBB/viewtopic.php?t=240636)).

As for a warning about the PHP exploits several bulletin board makers made an official announcement: phpBB (http://www.phpbb.com/phpBB/viewtopic.php?t=248046), vBulletin (http://www.vbulletin.com/forum/showthread.php?t=123531), SMF (http://www.simplemachines.org/community/index.php?topic=22008.0). There were also several user created threads in all the official board manufacturer sites.

Any person that had the ability to patch their forum software or upgrade PHP and simply did not do it had it coming.

This time it was not a hacker that did a specific attack but a worm that started attacking everything it could. That only teaches us to keep an eye on certain updates.


I use the icon in the IPB admin panel to tell me if updates are available, as far as I know there wasn't any until at maximum 4-5 days ago, which was the last time I logged in the admin panel. I had no idea about this worm, until it was too late. Obviously the forum software has now been patched.

Lefteris_D
December 22nd, 2004, 22:13
I use the icon in the IPB admin panel to tell me if updates are available
That means that IPS remembered to update the script on their server. The message means that IPB2 is out...

It will only change when major versions are released 1.2 >> 1.3, 1.3 >> 1.3.1 etc

How they forgot to update the system to show that 2.0.x was out for that many weeks I don't know.

If you REALLY want to know about security releases better look here for news: http://forums.invisionpower.com/index.php?showforum=1


I also have to remind you that IPB does not have any automatic patching systems so you have to apply the patches yourself. Also, the 1.3.x series has been discontinued. To be secure you need the 2.0.x series.