Web Site Hack

Post by **Weygold** » Tue Dec 21, 2004 11:34 am

There was an exploit in the board scripts that was used to overwrite EVERY php and html file in the entire web site last night.

The site should be back up now and working properly. The exploits have been patched, and all themes for this board have been removed until I can get around to patching those as well.

Post by **Librarian** » Tue Dec 21, 2004 7:28 pm

Santy worm defaces thousands of sites

http://www.theregister.co.uk/2004/12/21/santy_worm/

By John Leyden
Published Tuesday 21st December 2004 23:38 GMT

A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.

The Santy worm searches for vulnerable forum sites using Google. When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by the following text string.

"This site is defaced!!!" NeverEverNoSanity

Apart from defacing infected sites with this text, the worm has no payload. It will not infect PC used to view infected sites. F-Secure, the Finnish anti-virus firmm estimates there more than one million sites use the vulnerable phpBB software, of which tens of thousands have already been defaced. Users of phpBB are advised to update to version 2.0.11. ®

Post by **davisherm** » Wed Dec 22, 2004 1:44 am

I figured it was something like that. Kudos on getting everything back up and running so quickly.

Post by **Librarian** » Wed Dec 22, 2004 8:12 am

Thanks. It gave me a chance, also, to do some housecleaning. Wb is going to look at additional themes, as am I, and I'll apply the mods to them.

Her board also got cleaned out, so I'll apply the same themes and mods to hers as well. That way it'll be easier to maintain both.

Post by **Stormy** » Wed Dec 22, 2004 10:46 am

I missed the actual attack portion of the show - been fighting the flu/cold and have been on rather sporadically. At least it didn't have a payload to attack users too.
Oh, I don't see spell check yet - are you going to put it back or was it one of the vunerable areas?

Stormy

Post by **Wbdsgnr1** » Wed Dec 22, 2004 4:33 pm

my roommate was the first one who noticed the site being defaced and woke me up, man i have never shot out of bed so fast!!

but i called librarian and left him online messages about the attack.
I hate seeing crap like that happen to my online home

blessed be

Post by **Librarian** » Wed Dec 22, 2004 6:54 pm

Everything will come back, and then some.

Post by **Librarian** » Thu Dec 23, 2004 9:08 am

Ok! We have themes back up again. A couple of "dark" ones for Wb, one for those who have older eyes, and, my favorite, noteBored.

Post by **Wbdsgnr1** » Thu Dec 23, 2004 8:51 pm

YAY dark ones for me. yay yay yay

blessed be

Post by **davisherm** » Sat Dec 25, 2004 8:42 pm

did my emails actualy make it through?

I sent one to webmaster and one to webmistress and didn't get a bounceback, but I wasn't sure if those were still in use.

Post by **Wbdsgnr1** » Sun Dec 26, 2004 8:45 am

the webmaster is Librarian and the webmistress is me..... I haven't checked that email account of mine in a while but I will here in a few moments Davish.

blessed be

Post by **Librarian** » Sun Dec 26, 2004 9:44 am

No wonder! I sent you an email at your excite address. Go! Go check now!

Post by **Wbdsgnr1** » Sun Dec 26, 2004 3:11 pm

i didnt get an email from you at that address..... but I did get 2 ecards from you from the webmistress@paganlibrary.com address.

And i called to thank you, so maybe YOU need to check your voicemail and try calling me back! ha ha

blessed be

The Pagan Library

Web Site Hack

Web Site Hack

Apparently, we are not alone.

Who is online