From owner-freebsd-security@FreeBSD.ORG Tue Dec 28 01:28:21 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7008816A4CE for ; Tue, 28 Dec 2004 01:28:21 +0000 (GMT)
Received: from stelesys.com (web1.stelesys.com [63.175.100.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id E039843D39 for ; Tue, 28 Dec 2004 01:28:20 +0000 (GMT) (envelope-from jerry@syslog.org)
Received: from [127.0.0.1] (helo=www.stelesys.com) by stelesys.com with esmtpa (Exim 4.43 (FreeBSD)) id 1Cj69n-000IDz-S3; Mon, 27 Dec 2004 20:28:15 -0500
Received: from 24.98.86.57 (SquirrelMail authenticated user jerry@syslog.org); by www.stelesys.com with HTTP; Mon, 27 Dec 2004 20:28:15 -0500 (EST)
Message-ID: <2990.24.98.86.57.1104197295.squirrel@24.98.86.57>
In-Reply-To: <34657.24.230.37.14.1104187002.squirrel@24.230.37.14>
References: <34657.24.230.37.14.1104187002.squirrel@24.230.37.14>
Date: Mon, 27 Dec 2004 20:28:15 -0500 (EST)
From: "Jerry Bell"
To: estover@nativenerds.com
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
cc: freebsd-security@freebsd.org
Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 28 Dec 2004 01:28:21 -0000

The update for phpbb came out a while ago, and it looks like the ports were updated on 11/25/2004. Have you tried updating the ports? I think this is already addressed.

On a side note, I'm surprised you didn't get hit by the worm (unless it happened before the worm came out).
There is a new worm out now that attacks some weak php programming, though it's not very widespread. See http://www.syslog.org/Article10.phtml for a little more detail. I don't know if it's a worm or not, but I'm seeing people trying to attack my site pretty frequently lately.

Best regards & happy holidays,

Jerry
http://www.syslog.org

> I think, there is a neat exploit in the phpbb2.0.8 because I found my home
> page defaced one dark morning. The patch for phpBB is here.
> http://www.phpbb.com/downloads.php
>
> The excerpt of the log is attached.
>
> I believe the link to the described exploit is here.
> http://secunia.com/advisories/13239
>
> The defacement bragging page is here filter to show the exploited FreeBSD
> machines that aneurysm.inc has defaced
> http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
>