Durkatlon Posted December 22, 2004

In case you hadn't seen information on this yet: there's currently a worm called "Santy" which is automatically attacking websites running forum software based on phpBB. It finds sites to attack by doing searches in Google on "viewtopic.php", then exploits a hole in PHP, and if successful it overwrites all PHP and HTML files that it can find which are owned by the user running Apache. Obviously Tarzan hasn't fallen victim to this yet (as of time of writing), but you should probably upgrade Apache, PHP and phpBB2 to the latest version as soon as possible to prevent infection.

thijs Posted December 22, 2004

Thanks for the info. I was aware of this, which is why I updated the phpBB to version 2.0.11 quickly :wink:

Durkatlon Posted December 22, 2004

Ah, cool. Reading the "News" section, the latest I could find was that you upgraded to 2.0.8, so I wasn't sure what had been done since then. Indeed, from what I've been reading, phpBB v2.0.11 is not vulnerable to this worm. I think they also advise an upgrade of PHP itself to 4.3.10. It seems that a lot of forum software based on PHP gets hacked into all the time if you read security mailing lists like BugTraq and Full-Disclosure, although this is the first time that the attack is automated into a self-propagating worm. I wonder if it's time to kill off PHP in favor of something else for this purpose.