Acmlm's Board - I2 Archive - General Chat - NeverEverNoSanity
NSNick
Posted on 12-21-04 07:28 PM
Well, someone needs to check what version of PHP we're running and update if needed, and ASAP I would think.
Sabishii
Posted on 12-21-04 07:38 PM
About the foreign language clip: Doesn't look Portuguese to me, Portuguese looks like a Spanish and French mix, but it looks more Italian because of the massive amount of io and ir bits. Spanish has them, but not to the same extremity.

Hope we have the most updated version. It would suck massively to have to start over again.
Ran-chan
Posted on 12-21-04 08:08 PM
Especially when I
Karadur
Posted on 12-21-04 08:40 PM
Originally posted by Trapster
Especially when I
neotransotaku
Posted on 12-21-04 09:03 PM
hmm...oh yeah that is right, if the site is we aren't going to lose anything status wise like post counts because that stuff isn't stored in PHP...
HyperLamer
Posted on 12-21-04 09:25 PM
Bah, stupid board lagging making me worry!
This doesn't look like something a worm would do. Worms generally try to upload trojans or other such things to give the attacker control of the site, not just delete some files. Surprisingly, the page it leaves behind appears to contain no browser exploit code. Also, if what Kyouji Craw was saying about it counting the number of sites it's hit, that'd be pretty damn hard for a worm to do. I wonder if it's not just a group of '31337 h4x0r5' trying to look like a worm...

Lucky my site hasn't been hit... Of course, if it is, it's not too hard to fix. Connect to FTP, select all PHP files, upload. I make all changes on local copies of the files before uploading, so I always have the most recent backup.
Originally posted by Colleen
Maybe it has to do with that PHP bug that was found during the weekend? I remember reading something about it... (Of course, if you're using an up-to-date version you should be OK.)

What versions are affected? (A link, perhaps?)

Originally posted by Colleen
Well, judging from the sites that you've listed, there seems to be a pattern - video game sites.

I'd say that's more of a pattern in the type of sites you've been checking.
Colleen
Posted on 12-21-04 09:47 PM
Actually, it has more to do with the sites that are being posted.

Here's the Slashdot entry on the PHP woes.
LizardKing
Posted on 12-21-04 11:42 PM
Heh, my Antivirus program just gave me this message, quite recently:

"Networm worm "Santy" is spreading. This worm infects only web servers. It infects online discussion forums running phpBB software and defaces them with a text mentioning "NeverEverNoSanity"."

Well, if that's true, then we would not need to worry about it infecting this board anyway..

I haven't been to any of the sites linked to in this thread that have been infected with this, because I don't want to, so I wouldn't know if they're using phpBB or not.
Alastor the Stylish
Posted on 12-21-04 11:45 PM
Well, at least now we know we're safe (assuming what Rad King Liz posted is correct.)
Karadur
Posted on 12-21-04 11:55 PM
Well, as long as this board's safe, that alleviates most of the worry. I just looked on Google News now, and the earliest something has been written up on this was one hour ago. Here's a link if you can't be bothered to run the search yourself:

http://news.google.com/news?tab=gn&q=neverevernosanity&hl=en&lr=&ie=UTF-8&filter=0

Those sites have an explanation of how it works, which is through a special Google search.

As long as antivirus companies have picked up on it, it's pretty much up to the owners of the sites that got defaced to restore from a backup, then upgrade to PHP 2.0.11.
dan
Posted on 12-22-04 12:05 AM
Internet Storm Center has a post about it.

Interesting that it uses Google.


(edited by dan on 12-21-04 03:05 PM)
Kitten Yiffer
Posted on 12-22-04 12:17 AM
Heh, the same exploit could be used on any other board that uses PHP of course. But we should be thankful that it's not aiming at Acmlm board or anything.

And even then, it's not deleting posts and stuff on the board, just the board code itself. I think the MySQL database stays intact. Though the worm could theoretically remove the whole database... but I hadn't seen anything saying that it does.
Ran-chan
Posted on 12-22-04 12:19 AM
Good that it's only deleting the board code...or? How long can it take for Ace to re-code it?

Kitten Yiffer
Posted on 12-22-04 12:28 AM
Originally posted by Trapster
Good that it's only deleting the board code...or? How long can it take for Ace to re-code it?
...we do have a copy of the board code on his hard drive, it's just to reupload everything.

It doesn't take much time to upload either, so it wouldn't be a big loss of time.
Ran-chan
Posted on 12-22-04 12:39 AM
Then it doesn
DarkSlaya
Posted on 12-22-04 12:59 AM
Not much damage seems to be done, as most of the websites I visited that had been attacked are already restored.

People have way too much time on their hands
Kitten Yiffer
Posted on 12-22-04 03:12 AM
Heh...

...actually this worm does semibig damage, the databases should just be fine. Notice that it's just the php part of that site that is affected...
Alastor the Stylish
Posted on 12-22-04 03:21 AM
Well that's... Interesting... Heh wouldn't have guessed it would work like that Hmm... Still I don't think incidents like that would be too common...
windwaker
Posted on 12-22-04 10:56 AM
http://www.kaspersky.com/news?id=156681162
HyperLamer
Posted on 12-22-04 04:02 PM
The bugs allow for arbitrary code execution, so they could do anything that a program could do if you just walked up and ran it on the server. The worm doesn't appear to do anything besides change the PHP code, though.
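
Added example, not part of any post in this thread: the recovery described above (keep a trusted local copy and re-upload the PHP files) can be preceded by a check of which server files actually differ and which carry the "NeverEverNoSanity" text. The function names, directory names and sample file contents below are hypothetical and constructed for illustration; the script assumes the server copy has been downloaded to a local directory.

```python
import hashlib
import tempfile
from pathlib import Path

MARKER = b"NeverEverNoSanity"  # defacement text quoted in the thread


def files_under(root: Path) -> dict:
    """Map each file's path relative to root to its bytes."""
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


def audit_webroot(known_good: Path, deployed: Path) -> dict:
    """Group differences between a trusted local copy and the server copy."""
    good, live = files_under(known_good), files_under(deployed)
    report = {"defaced": [], "modified": [], "missing": [],
              "unexpected": sorted(set(live) - set(good))}
    for rel in sorted(good):
        if rel not in live:
            report["missing"].append(rel)
        elif hashlib.sha256(good[rel]).digest() != hashlib.sha256(live[rel]).digest():
            # Changed on the server: separate the worm's page from other edits.
            kind = "defaced" if MARKER in live[rel] else "modified"
            report[kind].append(rel)
    return report


def demo() -> dict:
    """Run the audit on constructed sample trees (not real board code)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "local_copy"), Path(tmp, "server")
        for root in (good, live):
            root.mkdir()
            for name in ("index.php", "thread.php", "lib.php"):
                (root / name).write_text(f"<?php /* {name} */ ?>")
        # Constructed damage: one defaced, one edited, one deleted, one added.
        (live / "index.php").write_text("defaced ... NeverEverNoSanity ...")
        (live / "thread.php").write_text("<?php /* edited on server */ ?>")
        (live / "lib.php").unlink()
        (live / "dropped.php").write_text("<?php /* not in local copy */ ?>")
        return audit_webroot(good, live)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Files reported as "modified" or "unexpected" matter as much as the defaced ones: since the underlying bug allows arbitrary code execution, anything on the server that does not match the trusted copy should be replaced or removed before the site goes back up.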