Joseph Fruchey wrote:
> Terry,
>
> Yeah, I know my version is out of date, but my board is lightly
> trafficked, and I've had no problems with worms or anything. The spam
> I mentioned was generated from a blog I had set up with comments
> routed through the board, not a phpBB attack.

phpBB forums below v2.0.13 ARE being actively attacked by automated scripts. I
cleaned one up recently. If you're running that version, I'd be surprised if
you weren't yet compromised. You might not have noticed because it hasn't put
any additional load on your box.

Assuming your phpBB2 forums are owned by user "apache" or "www", they will be
able to run scripts, etc. with those permissions. Do a
"netstat -anlp | grep LISTEN" to see if you have ports and processes open you
don't know about. "ps ax" could be interesting too. I'm assuming that they
wouldn't have used a further local shell exploit to get root and install a
rootkit, thus hiding netstat and ps output. Check your phpBB2 directories for
stuff that doesn't fit, like a subdirectory called "Mail". You may find a
mailer form and stuff related to performing phishing attacks from your server.

Seen it, in the real world. Was able to determine that the phpBB2 was
exploited on the same day as the patch release to fix the vulnerability
(timestamps on the original files and processes).

How's that for motivation?

>
> But yes, I will update one day, when I have the time and motivation.
>
> Joey
>
> On 5/4/05, Joey Kelly <[EMAIL PROTECTED]> wrote:
>
>>>In my case, it is "Cox or nothing" -- DSL isn't available in my
>>>neighborhood ("it's all over Baton Rouge, oh, you're in Shenandoah, it just
>>>doesn't work there"). If I screw around with running servers and lose my
>>>Cox account, it would be back to dialup.
>>
>>Again, Linux geeks they don't care about. Ask Scott... he used to be the admin
>>for Charter, the cable company in Slidell, and he only worried about
>>trojanned windows boxen spewing garbage. I know for a fact that the admin for
>>Cox in New Orleans doesn't care about responsible Linux users either (he's on
>>our list, in fact).
>>
>>--
>>
>>Joey Kelly
>>< Minister of the Gospel | Linux Consultant >
>>http://joeykelly.net
>>
>>"I may have invented it, but Bill made it famous."
>> --- David Bradley, the IBM employee that invented CTRL-ALT-DEL
>>
>>
>>_______________________________________________
>>General mailing list
>>[email protected]
>>http://brlug.net/mailman/listinfo/general_brlug.net
--
Scott Harney <[EMAIL PROTECTED]>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
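
The checks described in the reply above, as an added shell example that is not part of the original message. The function names, the allowlist of expected daemons, and the netstat sample are constructed for illustration; it assumes you have a pristine unpack of the same phpBB release to compare against.

```shell
#!/bin/sh
# Added example (not from the original post): triage helpers for a web
# server suspected of running a compromised phpBB2 install.

# unknown_listeners "prog1 prog2 ..."
# Reads `netstat -anlp` output on stdin and prints the local address and
# PID/program of every TCP listener whose program is not in the allowlist.
# A "-" program (netstat run without root) is reported as unknown too.
unknown_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            prog = $7
            sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
            sub(/:$/, "", prog)          # some versions append ":"
            if (!(prog in ok)) print $4, $7
        }'
}

# unexpected_paths LIVE_DIR CLEAN_DIR
# Prints paths present in the live forum tree but absent from a pristine
# unpack of the same release (e.g. a stray "Mail" subdirectory). Expect
# some legitimate hits such as config.php or uploaded avatars.
unexpected_paths() {
    live=$1 clean=$2
    a=$(mktemp) b=$(mktemp)
    (cd "$live" && find . | LC_ALL=C sort) > "$a"
    (cd "$clean" && find . | LC_ALL=C sort) > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample of `netstat -anlp` output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80        0.0.0.0:*      LISTEN      2101/httpd
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      1830/sshd
tcp        0      0 0.0.0.0:8081      0.0.0.0:*      LISTEN      4711/perl
tcp        0      0 10.0.0.5:80       10.0.0.9:51234 ESTABLISHED 2101/httpd
EOF
}

# Demo on the constructed sample; on a real host pipe in `netstat -anlp`.
sample_netstat | unknown_listeners "httpd sshd"
```

As the reply notes, a rootkit can hide entries from netstat and ps, so a clean result from the listener check on a suspect host is not proof of a clean machine.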