Prenosim sa: http://www.phpbb.com/phpBB/viewtopic.php?t=348139

Techie-Micheal

There appears to be a new worm on the loose. If your phpBB has been defaced, please do the following:

1. Immediately get full backups of your entire website including phpBB
2. Immediately get full backups of your database
3. Get log files
4. Do not delete anything!
5. Do not use these backups to restore your site.
6. These backups are to be used to send to the Incident Investigation Team, and only the Incident Investigation Team. If the poster asking for logs or backups does not have a Support Team rank, do not do anything they tell you to do.
7. PM NeoThermic or myself to tell us you need assistance. Do not post in support asking for help.
8. Close your website (including phpBB!) until the IIT tells you it is okay to reopen.
Users on 2.0.18 are not affected - this is targetting those forums still on versions around 2.0.10 at present.

If something has been modified or deleted after an attack, we will not be able to assist you. The reason for this is that evidence has been tampered with and information we needed is now missing. It is very important you do not modify or delete until we say it is okay. The more information we have about this worm, the quicker we can help others.

We know this worm has filesystem access and potentially drops files which may be backdoors or rootkits. It is very important that you do not delete or modify these files or anything else. As noted above, the more information we have about this worm, the quicker we can help others.

Kako se koji novi post pojavi na originalnoj temi, tako ga dodajem u ovaj.

mi vć istražujemo ovaj slučaj.

hvala na suradnji.
pozdrav, SC

Uf.
Pardon, ispričavam se ako je tema već pokrenuta na forumu, nisam vid'la [ako je]. :o

sve je ok, nije pokrenuta na forumu.

dapače vrlo dobra informacija za ostale forumaše.

pozdrav i hvala, SC

Prenosim sa: http://www.phpbb.com/phpBB/viewtopic.php?t=348139

Techie-Micheal

As an update, we are seeing a few things in the course of our investigation.

- Tried and tested Santy and its variants are still out there.
- A new worm which I commented on (http://isc.sans.org/diary.php?storyid=834) back on November 10 at the ISC. This would explain the recent actions Google took to block searches for phpBB.
- Kaiten, Mare, and others which have been hitting AWStats, XML-RPC, Mambo, and other vulnerabilities hard recently are now hitting old phpBB vulnerabilities.

We will continue to assist those attacked. Per the Merry Christmas and Happy New Year! (http://www.phpbb.com/phpBB/viewtopic.php?t=351659) announcement, some of us will be out with family and friends. To those who have not heard from us yet, I will be getting back to you very soon. I've had college exams which unexpectedly took more time that expected, so I apologize for that.

Vecer,

samo da i sluzbeno kroz nas forum obavijestimo korisnike.

Nocas je poslan svima mail koji imaju verziju foruma manju od 2.0.18.

Uputa za nadogradnju:
- molimo Vas da sa sluzbene stranice http://www.phpbb.com/downloads.php (http://www.phpbb.com/downloads.php) napravite download phpbb foruma Patch File Only verzija i prema uputama napravite nadogradnju na najnoviju verziju!
- odaberite zip verziju
- napravite download
- raspakirajte zip lokalno
- napravite upload sadrzaja odzipanog direktorija na svoj web u direktorij gdje se nalazi Vaš forum (ovo je vrlo bitno).

- i na kraju pokrenite sljedecu skriptu: /install/update_to_latest.php

npr. www.VasaDomena.com/VasForum/install/update_to_latest.php (http://www.VasaDomena.com/VasForum/install/update_to_latest.php)

Nakon nadogradnje potrebno je pobrisati SAMO direktorije i datoteke koje ste koristili za nadogradnju Vaseg foruma.

Molimo sve korisnike da to odrade što je prije moguce kako bi imali najnoviju verziju foruma.

srdacan pozdrav, SC

Kreirali smo skriptu koja Vas svaki dan obavještava sa detaljnim uputama kako napraviti upgrade foruma.

Molimo Vas da odradite upgrade svojih foruma.

Hvala, pozdrav, SC