Welcome to the MacNN Forums.

Ghoser777 · Dec 21, 2004, 01:40 PM

Go to www.fahrenbacher.com and see for yourself

Well, I guess something was insecure enough on my linux box for that to happen... I just don't know what.

Disgruntled Head of C-3PO · Dec 21, 2004, 01:46 PM

why would they bother just to do something boring like that?

ManOfSteal · Dec 21, 2004, 01:53 PM

They must want Meteorologist updated from it's original creator...

spiky_dog · Dec 21, 2004, 02:16 PM

Originally posted by Disgruntled Head of C-3PO:
why would they bother just to do something boring like that?

it's an automated attack on sites running phpbb, i think. or maybe there's some other link. i just know that one of the sites i visit daily, the forums at cameracourage.com, also was hit by this attack.

[searches] yup, it's phpbb that's the vector: http://www.infoworld.com/article/04/...ntyworm_1.html

The worm, dubbed Santy.A, uses a vulnerability in a popular free software package called phpBB to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."

kosmonaft · Dec 21, 2004, 03:30 PM

Is there a way we can prevent this from happening again in Linux?

GFitzy · Dec 21, 2004, 03:46 PM

more info here: http://secunia.com/advisories/13481/

-gfitzy

The Milkman · Dec 22, 2004, 12:48 AM

Net Worm Uses Google to Spread: Slashdot.org

sir_hc · Dec 22, 2004, 04:12 AM

If it is is phpBB then it is all versions under 2.0.11 that are vulnerable. It is documented on the phpBB site here and there is now 2.0.11 fix released that can be downloaded from here.

I run a web host and I strongly advised all my cients to upgrade and not just perform the code swap fix. So far only one site got attacked in this way.

(Sorry pasted a wrong link just now - all fixed.)