phpBB2

chervarium
Posts: 349
Joined: Fri Jan 09, 2004 4:02 am
Location: Sofia, BG, EU

phpBB2

Unread postby chervarium » Thu Mar 03, 2005 7:37 am

Yet another problem with phpBB - http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563.
Neko, patch forums.nekochan.net on an ASAP basis 'coz I've already gotten one of the forums I host defaced.
LAMMEN GORTHAUR

nekonoko
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California

Unread postby nekonoko » Thu Mar 03, 2005 10:59 am

No worries - I'm on the mailing list and had the forum patched less than an hour after it was uploaded to SourceForge on the 27th.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

chervarium
Posts: 349
Joined: Fri Jan 09, 2004 4:02 am
Location: Sofia, BG, EU

Unread postby chervarium » Thu Mar 03, 2005 11:24 am

Ah, well :).
I am sick of PHP and the problematic web applications associated with it, which I have to support.

nekonoko
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California

Unread postby nekonoko » Fri Apr 15, 2005 3:24 pm

phpBB 2.0.14 was just posted - Nekochan's patched and ready.

nekonoko
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California

Unread postby nekonoko » Fri Jul 08, 2005 12:46 pm

Just wanted to post a follow up here since phpBB updates (and exploits) fall from the sky like rain these days. Here's what I use in .htaccess to help guard against a lot of detritus:

Code:

# enable mod_rewrite for this directory (required in .htaccess, otherwise the rules below are ignored)
RewriteEngine On

# prevent access from worms: known phpBB exploit strings in the (raw, undecoded) query string
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%27 [OR]
RewriteCond %{QUERY_STRING} ^(.*)\.printf\( [OR]
RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)highlight=' [OR]
RewriteCond %{QUERY_STRING} ^(.*)rush=\%65\%63\%68 [OR]
RewriteCond %{QUERY_STRING} ^(.*)rush=echo [OR]
RewriteCond %{QUERY_STRING} ^(.*)wget\%20
# bounce the request to localhost (a redirect, not a 403) so the server does no further work on it
RewriteRule ^.*$ http://127.0.0.1/ [L,R=301]

# prevent pre php 4.3.10 bug: serialized-string marker in the Cookie header
# (the variable is %{HTTP_COOKIE}; the stray trailing % in the original was a typo)
RewriteCond %{HTTP_COOKIE} s:(.*):\%22test1\%22\%3b
RewriteRule ^.*$ http://127.0.0.1/ [L,R=301]

# prevent perl user agent (most often used by santy)
# ^lwp means "starts with lwp"; the original ^lwp* / ^Python* made the last letter optional
# and so also matched agents starting with "lw" or "Pytho"
RewriteCond %{HTTP_USER_AGENT} ^lwp [OR,NC]
RewriteCond %{HTTP_USER_AGENT} ^Python [NC]
RewriteRule ^.*$ http://127.0.0.1/ [L,R=301]


Of course this is no substitute for joining the phpBB mailing list and keeping up to date (the SourceForge file update notification being my first choice), but it does keep the server from processing lots of bogus requests, which cuts way down on the online "guests" count, bandwidth and server CPU usage.
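To see which requests the rules above would have caught, here is an added example (not nekonoko's code and not part of the original post) that applies the same query-string, cookie and user-agent signatures to constructed Apache log lines, assuming a combined LogFormat with a trailing quoted %{Cookie}i field:

```python
import re

# Same signatures as the .htaccess rules above, grouped by the request field they inspect.
QUERY_SIGS = [r"highlight=%2527", r"highlight=%27", r"highlight='", r"\.printf\(",
              r"echr", r"esystem", r"rush=%65%63%68", r"rush=echo", r"wget%20"]
COOKIE_SIG = r"s:.*:%22test1%22%3b"          # serialized-string marker of the pre-4.3.10 PHP bug
UA_SIG = re.compile(r"^(lwp|python)", re.I)  # [NC] in the .htaccess -> case-insensitive here

# Combined log format plus one trailing quoted %{Cookie}i field (assumed LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"(?: "(?P<cookie>[^"]*)")?$'
)

def classify(target, cookie, ua):
    """Return the name of the first rule that would have fired, or None."""
    query = target.partition("?")[2]  # QUERY_STRING: everything after '?', raw and undecoded
    for sig in QUERY_SIGS:
        if re.search(sig, query):
            return "worm-query:" + sig
    if cookie and re.search(COOKIE_SIG, cookie):
        return "php-cookie"
    if UA_SIG.match(ua):
        return "script-ua"
    return None

def scan_log(lines):
    """Return (ip, target, rule) for every log line one of the rules would have blocked."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        rule = classify(m["target"], m["cookie"], m["ua"])
        if rule:
            hits.append((m["ip"], m["target"], rule))
    return hits

# Constructed sample lines (not real traffic): one benign request, then one hit per rule group.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Jul/2005:12:46:01 -0700] "GET /viewtopic.php?t=42 HTTP/1.1" 200 8120 "-" "Mozilla/5.0" "phpbb2mysql_sid=abc"',
    '203.0.113.9 - - [08/Jul/2005:12:46:02 -0700] "GET /viewtopic.php?t=1&highlight=%2527 HTTP/1.0" 200 512 "-" "Mozilla/4.0" "-"',
    '203.0.113.10 - - [08/Jul/2005:12:46:03 -0700] "GET /index.php HTTP/1.0" 200 512 "-" "lwp-trivial/1.41" "-"',
    '203.0.113.11 - - [08/Jul/2005:12:46:04 -0700] "GET /index.php HTTP/1.0" 200 512 "-" "Mozilla/4.0" "x=a:1:{s:4:%22test%22;s:5:%22test1%22%3b}"',
]

if __name__ == "__main__":
    for ip, target, rule in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {rule:28} {target}")
```

Running it over a real access log shows how much of the "guests" traffic the rules absorb; matching is against the raw request line, exactly as mod_rewrite sees %{QUERY_STRING}.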

