____/ Linonut on Thursday 13 March 2008 22:54 : \____
> * Roy Schestowitz peremptorily fired off this memo:
>
>> ____/ Chris S. on Thursday 13 March 2008 21:27 : \____
>>
>>>> Did you put something on his pages?
>>>
>>> It's NOT visable. It's a transparent HTML piece of code. Just opening the
>>> main page will invoke it. My OneCare caught it and "cleaned" it. Your
>>> Milage may Vary.
>>
>> This was found last night. My very out-of-date installation of phpBB got
>> exploited (first time any of my software gets exploited in 7 years of
>> running
>> sites on BSD and Linux). I've cleaned most stuff up, but I'm styill working
>> with the Web host to get rid of what's left. Script kiddies snuck in extra
>> markup that points to some other domain (via iframe) -- whatever it actually
>> does. This will be resolved by the weekend.
>>
>> Thanks for the headsup, Chris.
>
> Well, good, at least /he/ wasn't the one doing the damage.
>
> I think.
The main page is not affected, but some others still have the <iframe> crapola
injected. The script kiddies who were messing up with phpBB seem to have come
from Italy (I'd have to look at the logs more carefully). I really should have
just patched phpBB... haven't done this _for years_. Complacency is dumb.
Well, there's always the first time to learn from. And phpBB is rather
notorious, especially version 2 which sees many patches released.
--
~~ Best of wishes
Roy S. Schestowitz | What is all that lipstick in XP's close button?
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1510068k total, 712700k used, 797368k free, 71164k cached
http://iuron.com - next generation of search paradigms
|
|
