Forum owners beware

[Badger]

http://www.f-secure.com/v-descs/santy_a.shtml

It says its only effecting phpBB, but my invision board got several skins infected by it, rendering them useless.

Make some backups of your skins (I never).

[Jale]

So my phpbb board is doomed, right?

[Lefteris_D]

It says its only effecting phpBB, but my invision board got several skins infected by it, rendering them useless.

The "Highlight Vulnerability" on phpBB was announced by the phpBB team days ago and a bugfix edition was released. Anyone that did not update their forum software just had it coming.

The bug however is not phpBB related exactly but a bug in PHP functions used by phpBB(and IPB and vb etc etc). All PHP versions prior to 4.3.10 & 5.0.3 can be expoited.

The Emulator Zone Forum(along with everything else on the server) needs no patching as PHP was updated yesterday.

So my phpbb board is doomed, right?

You have one of those "hosted" boards so your host is responsible for the updates. You can do nothing about it.

[Jale]

You have one of those "hosted" boards so your host is responsible for the updates. You can do nothing about it.

OK, now I can live in peace

[Jet Set Willy]

You and your 1 registered user!

[Jale]

Actually I have 2 phpbb forums. One is recent (the one you said "You and your 1 registered user!") and the other one is 1 week old and I already have 11 registered users.

[Lefteris_D]

It does not matter. Your host still needs to update the forum.

[Badger]

The "Highlight Vulnerability" on phpBB was announced by the phpBB team days ago and a bugfix edition was released. Anyone that did not update their forum software just had it coming..

Had it coming?

Suprisingly I don't check my forum software for updates every other day. Is this unusual or something?

[Lefteris_D]

Had it coming?

Suprisingly I don't check my forum software for updates every other day. Is this unusual or something?

I check for updates every 3-4 days and the message was available at phpbb.com since November 18(click).

As for a warning about the PHP exploits several bulletin board makers made an official announcement: phpBB, vBulletin, SMF. There were also several user created threads in all the official board manufacturer sites.

Any person that had the ability to patch their forum software or upgrade PHP and simply did not do it had it coming.

This time it was not a hacker that did a specific attack but a worm that started attacking everything it could. That only teaches us to keep an eye on certain updates.

[GHDpro]

Aw come on, I didn't know the problems were this severe until only a few days ago.

And while the main server software is now up-to-date on a few of my servers, I hope
there are no major bugs in the other software (FTP, SSH, Kernel, etc) as I don't exactly
check for updates for those... ever. On some servers I do occasionally run "yum update"
though, but I'm not sure how fullproof that is.

Ah welll, at least I got a firewall running, which at least limits the possible hack attempts
to services that are actually used.