Neil Turner's Blog

Blogging about technology and randomness since 2002

The phpBB problem

The F-Secure Antivirus Research Weblog has been following the spread of the Santy worm, a Perl script which can infect and deface sites running the forum software phpBB. It’s a popular package, running major sites like Cre8asite and MozillaZine.
If you run phpBB, make sure you have the very latest version (2.0.11) and also have the latest version of PHP (4.3.10) – my host upgraded to this version yesterday in light of the appearance of exploit code.
It’s reckoned that several thousand communities have been affected by this worm already 🙁.
Update: F-Secure, who really need better permalinks in their weblog, have made the very good point that this virus could be stopped if Google prevented the worm from conducting searches (its method of spreading).

2 Comments

  1. Well actually PHP is now on version 5.something – but yes, upgrading the major version would cause problems.
    I spent most of Sunday afternoon playing with this bug in phpBB, seeing just how far I could go with it. And it did seem to depend on the security of the server.
    Lessons learnt from this exploit? Disable Perl/CGI scripting if you’re not actually using it, keep an eye out for security holes in your scripts and know how to upgrade, and remove the default powered-by messages in all scripts.
    Incidentally Google did block the searches after 7 hours and have apologised for taking so long. 7 hours is too long, but you must understand it’s the holiday period and there are policies and procedures in place.
    Oh, and I’m told it’s a worm not a virus.

  2. Indeed it is a worm – worms use software exploits to spread, viruses use sheer human naivety. And yes, I should have mentioned PHP 5.0.3.