phpbb Sanity/Santy worm

Board policies and official announcements about Chiff and Fipple and the forums. Please read!
Post Reply
User avatar
rich
i see what you did there
Posts: 609
Joined: Mon May 14, 2001 6:00 pm
Please enter the next number in sequence: 1
Location: Toronto, Ontario
Contact:

phpbb Sanity/Santy worm

Post by rich »

You may have heard about the new <a href="http://news.bbc.co.uk/1/hi/technology/4 ... stm">phpbb worm</a> that's making the rounds. (Here's a more <a href="http://isc.sans.org/diary.php?date=2004 ... >technical writeup</a> if you're so inclined). We're running phpbb here on the forums, so there's good news and bad news.

The good news is that we aren't vulnerable to the bug that the worm exploits. The phpbb authors released a fix for that on November 18th, and I applied it the same day. The damage the rest of the 'net is seeing is from people who run phpbb but don't keep things up to date, and there are a <i>lot</i> of those.

The bad news is that that doesn't stop other infected hosts from <i>trying</i> to attack here. We've only had a couple of bad days of that. Yesterday (Dec 30) was one of them; where we usually only see 15-20 guests on the forum, we hit a high of 969 at some point yesterday, and where we usually only see from 600MB to 1GB of bandwidth usage per day, yesterday saw 12GB!

Our web hosting package at <a href="http://www.dreamhost.com/">Dreamhost</a> gives us 192GB/mo transfer so it's not an emergency, but there's still going to be an impact on the site's performance from that traffic, so I'm going to be seeing what I can do to reduce the impact. While I try to get things working you might find yourself receiving 403 Forbidden errors while trying to view threads. Those should be temporary.

Happy new year to all!

-Rich
Post Reply