Adam- *scratches phpbb off his list of programs to consider using ;) On 5/4/05, Scott Harney <[EMAIL PROTECTED]> wrote: > Joseph Fruchey wrote: > > Good for motivation. I'll get on that. But my board is owned by phpbb, > > who only has access to the board, afaik. > > phpbb can write files to the directory phpbb owns so it can drop files in > there > and run scripts from there. the exploit I saw drops a nice web based front > end > and installs a shell the controller can telnet too. > > > > > On 5/4/05, -ray <[EMAIL PROTECTED]> wrote: > > > >>On Wed, 4 May 2005, Scott Harney wrote: > >> > >> > >>>phpBB forums below v2.0.13 ARE being actively attacked by automated > >>>scripts. > >>>I cleaned one up recently. If you're running that version, I'd be > >>>surprised > >>>if you weren't yet compromised. You might not have noticed because it > >>>hasn't put any additional load on your box. > >>> > >>>Seen it, in the real world. Was able to determine that the phpBB2 was > >>>exploited on the same day as the patch release to fix the vulnerability > >>>(timestamps on the original files and processes) > >> > >>Ditto. We had to clean up some phpBB installs a few weeks ago after they > >>were exploited. I'd be very surprised if you weren't hacked already. > >>You need to quit reading your email right now and go upgrade. :) > >> > >>ray > >> > >> > >>_______________________________________________ > >>General mailing list > >>[email protected] > >>http://brlug.net/mailman/listinfo/general_brlug.net > >> > > > > > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > > > > -- > Scott Harney <[EMAIL PROTECTED]> > "Asking the wrong questions is the leading cause of wrong answers" > gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5 > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net >
-- Adam Melancon Work: http://www.vermilion.lib.la.us Personal: http://www.melancon.org
