Sijun Forums Forum Index
Log in to check your private messages
My Profile Search Who's Online Member List FAQ Register Login Sijun Forums Forum Index

Post new topic   Reply to topic
   Sijun Forums Forum Index >> Digital Art Discussion
View previous topic :: View next topic  
Author   Topic : "Update your php code!!"
Dekard
member


Member #
Joined: 01 Nov 2001
Posts: 274
PostPosted: Tue Dec 21, 2004 7:55 am     Reply with quote
This worm is taking sites down left and right. I know Dhabih may not update this in time.. it's spreading quickly. Just wanted to post a note before it happened. Smile

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046


Its called the "NeverEverNoSanity WebWorm"

Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.

It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:

1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.

2) If you pay for hosting ensure you hosting provider has upgraded thier installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).

Please do not submit this PHP issue to our security tracker, it is beyond our control. Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions.
_________________
.::astrochimp.net::.
Back to top
View user's profile Send private message Send e-mail
ceenda
member


Member #
Joined: 27 Jun 2000
Posts: 2030
PostPosted: Tue Dec 21, 2004 8:29 am     Reply with quote
Good call.

Best to PM Sumaleth if you haven't already. I can't remember if it's still hosted on his server though.
Back to top
View user's profile Send private message Visit poster's website
Dekard
member


Member #
Joined: 01 Nov 2001
Posts: 274
PostPosted: Tue Dec 21, 2004 9:11 am     Reply with quote
Done, thanks for the heads up on Sumaleth.. Very Happy
_________________
.::astrochimp.net::.
Back to top
View user's profile Send private message Send e-mail
Sumaleth
Administrator


Member #
Joined: 30 Oct 1999
Posts: 2898
Location: Australia
PostPosted: Tue Dec 21, 2004 3:31 pm     Reply with quote
I'd be surprised if creationstorm hasn't already upgraded this server to php 4.3.10. Because of the security concerns it was pretty much a must-upgrade for all server administrators, and cs has been good at keeping everything up to date.
_________________
Art Links Archive -- Artists and Tutorials
Back to top
View user's profile Send private message Visit poster's website
Dekard
member


Member #
Joined: 01 Nov 2001
Posts: 274
PostPosted: Tue Dec 21, 2004 5:42 pm     Reply with quote
Good to know, didn't want anything drastic happening to the forums. Smile
_________________
.::astrochimp.net::.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Sijun Forums Forum Index -> Digital Art Discussion All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Powered by phpBB © 2005 phpBB Group