[nycphp-talk] Help... NeverEverNoSanity WebWorm generation 8.
Chris Shiflett
shiflett at php.net
Thu Dec 23 21:11:16 EST 2004
--- "Alan T. Miller" <amiller at criticalmedia.biz> wrote:
> It looks like I got slammed by some new PHP vulnerablity. It first
> appeard that what it did was to replace all your index pages with
> its own that proclaims "This site is defaced!!!" and then includes
> ... "NeverEverNoSanity WebWorm generation 8.".
[snip]
> Anyone have any information about this, how to fix, how to clean
> this up, how to prevent (other than the obvious upgrade your PHP
> the absolute minute an update comes out?).
I believe this is due to a security vulnerability in phpBB that is made
much worse by the vulnerability in PHP 4.3.9. PHP has an upgrade
available, so you can upgrade to that. I'm not sure if phpBB has a fix
yet, but this surely won't be the last hole anyway. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
More information about the talk
mailing list