[76721] in North American Network Operators' Group
Re: Sanity worm defaces websites using php bug
daemon@ATHENA.MIT.EDU (cw)
Tue Dec 21 15:44:42 2004
From: cw <nanog@fidei.co.uk>
To: <nanog@merit.edu>
Date: Tue, 21 Dec 2004 20:47:10 GMT
In-Reply-To: <Pine.LNX.4.44.0412211155280.14470-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
Does anyone have any more detail on exactly what this thing does after
it gets into a system?
The cgi platform for a company I use has been hit and the effect is
not just limited to phpBB, it seems to get into the server and then go
through everything it can write to..
I lost a copy of UBB to this worm even though I don't rund phpBB off
the same vhost.
Gonna be a nightmare for server ops to ensure that all client copies
of phpBB are patched..
