Attention Tyboo - Da Nag

Sneaks

New member
I got this from my host today. :(

A new worm has been spreading rapidly today that defaces sites running older versions of phpBB, and then attempts to spread itself further. There are two solutions to this and all customers running phpBB should take this warning extremely seriously and act on it as a matter of urgency:

Solution 1: Upgrade to phpBB 2.0.11 - http://www.phpbb.com/downloads.php

Solution 2: Use the fix detailed at http://www.phpbb.com/phpBB/viewtopic.php?t=240513

If you are running a version of phpBB earlier than 2.0.11 please ensure that you upgrade or patch your installation. Unpatched installations that are found to have been exploited will be disabled without notice to preserve server integrity.
 
At the bottom of these pages this is posted.

Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group

Looks like we are using something later than phpBB 2.0.11
 
Anna Leigh said:
Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group

Looks like we are using something later than phpBB 2.0.11

Uh do you folks up in the Northwest have different numbering systems? Or is it a Guemes Island thing, David? Down here we drink from 6 to 11, not 11 to 6. :wink

Ken, phpBB is the software this site runs on.
 
Well, technically, David, you are 100% correct, because .6 is greater than .11 by about .49. However, remember these are nerds you're dealing with. They are so damn smart they skipped right through the first few years of math.

So, in nerdspeak, I guess the 2.0.11 is five minor revisions past 2.0.6. I think Bill might be waiting for the Version 2.1 before he upgrades.

Me, I ain't nerdy enough to worry about this, so I will trust Bill completely in such matters. Maybe I should worry about that!?!

Now if you guys want to pick on one another, go to the Cigar Smoking thread. That's tuning up to be a doozy! I even came up with a couple smart alecky replies to the CA air quality discussion, but I kept them to myself because I have to set an example since I made up the stupid "Be Nice" rule after some folks picked on me on some other thread some other place.
 
Dyslexia strikes again. When I looked at the .11 I reversed it and thought it said .11. Must be the rarified air up north here.
Thanks for keeping me honest Don.
 
Hey Dave, since we're both half hogs asses, we gotta stick together. WA6WKL here. In retrospect, I had a few years when I occasionally drank from 11 to 6.... :beer

More nerdie $hit. I once got into trouble responding to an RFP when I accidentally used the word antennae in reference to the multiple antennas on the proposed ELINT system. Insects have antennae, hams (and ELINT systems) have antennas.

The nerd world is, indeed, different. More useless trivia: The discs/disks? on early hard drives were constructed with aluminum provided by ... Coors.


Don
 
Yup, I received the CERT advisory on this, and yup - we're vulnerable.

Good news is, I run nightly backups. If we get hit, I can recover losing no more than one day's worth of posts.

Bad news is, running this place is a part-time endeavor, and our version of phpBB is heavily modified - I can't just slap the patch in place without testing. It's on the list of things to do soon, but if we get hit before then, them's the breaks...

Now...if you all want to chip in with hefty dues so I can quit my day job...I'm most definitely interested. :mrgreen:
 
Didn't test as much as I would like, but we're updated. Please report any oddities to me via PM or in this thread.

For those (any?) of you who care about such nerdly things, here's some more info regarding the vulnerability (the "Santy" worm) for which the patch was applied:

CERT Advisory - CERT provides computer professionals (or anyone pretending to be one) with alerts on vulnerabilities as they are reported. These are "high-level" alerts; basically, they inform you of the risk level for a particular exploit, and where to get additional information or updates. If you want to fill up your mail box, go ahead and sign up...

Also, Google has helped out as well - the worm propagates via Google searches that identify vulnerable web sites - Google is now dropping any of these queries. This doesn't directly address the vulnerability that unpatched phpBB web sites have, but since the Santy worm is the primary way this exploit is currently happening, this will help out folks who don't jump on the update bandwagon right away.

Man...what a pain. Think I'll go have a beer. And a cigar. Outdoors, of course.
 
Da Nag said:
Please report any oddities to me via PM or in this thread.

1) B~C
2) Nerds in general

Thanks, Bill. We sure don't want old Santy messin' with us this time of year. After your beer and smoke, you better get DanaG's platypus stuck up on the tree.
 
Da Nag said:
Oops...upgrade broke the photo albums. I'll try and get it fixed tonight.

Damn...5 minutes. I'm good.

Still need a little work on that modesty thing, though... :xnaughty
 
Da Nag said:
Bad news is, running this place is a part-time endeavor, and our version of phpBB is heavily modified - I can't just slap the patch in place without testing. It's on the list of things to do soon, but if we get hit before then, them's the breaks...

Followed less than 7 hours later by

Didn't test as much as I would like, but we're updated. Please report any oddities to me via PM or in this thread.

Man...what a pain. Think I'll go have a beer. And a cigar. Outdoors, of course.

:mrgreen: :mrgreen: :mrgreen: You truly proved "Your Nerdness" with this one, Bill. :thup Anything less than high level nerd would have the place vulnerable for at least 24 hours. Especially this close to Christmas.
 
Bill the wonder nerd, I vote we double our yacht club dues

awww Mike, It's always so easy to pick on the mentally handicapped person...I'm normal, it's the rest of the world that's insane :) ...well....maybe Catman is sane also..dunno, maybe
 