PDA

View Full Version : Is our forum safe?



willy1
12-30-2004, 01:36 PM
This from over at F@H forums - they've been getting clobbered by the phpBB worm attacks.
latest thread - PW protected their site (http://forum.folding-community.org/viewtopic.php?t=10757)

Bok
12-30-2004, 01:43 PM
Yeah, they are pretty nasty. I told US-D to upgrade their forum too, before they got hit.

We don't use phpBB though, it's vBulletin. I don't know of any exploits for it out there.

Bok

willy1
12-30-2004, 01:48 PM
WW did mention vB in his last sentence, which made me wonder if there were vBulletin attacks going on as well.

I'll trust the worthy admins :notworthy

IronBits
12-30-2004, 02:16 PM
I purchased the upgrade to version 3+ something or other and shipped it off to Dyyryath.
If/when he gets time, he'll take care of it as usual :D

willy1
12-30-2004, 02:40 PM
A little further research shows that vBulletin can possibly be compromised if it exists on the same server as an unpatched or attacked phpBB installation, and if the permissions are not set properly on certain types of files (.htm, .img, etc.) in the vB installation.

I'm sure if Dyyryath is hosting this, we have nothing to worry about.

PY 222
12-30-2004, 03:15 PM
The Santy worm only attack phpBB forums that have a version lower than 2.0.11. See link (http://www.us-cert.gov/cas/techalerts/TA04-356A.html) for more information.

But there is also a vulnerability in the PHP language (http://www.php.net/release_4_3_10.php) that might be a security risk to our vBulletin forum software. If we have PHP version 4.3.10 or version 5.03, then we should be safe. If we don't then I highly recommend Bok or Dyy to upgrade it immediately.

Bok
12-30-2004, 03:33 PM
We are > 4.3.10 and should be fine and Dyyryath will be upgrading vbulletin over the next few days.

:cheers: IB!!

Bok