PHPInclude (Santy.C) Worm Attack

  • PHPInclude (Santy.C) Worm Attack

    The site was unreachable for more than an hour, as we got hit by a worm attacking sites with PHP, an evolution of the Santy.A worm that hit thousands of phpBB sites the last few days

    Luckily for Apolyton, Top40-Charts was being hit by the same worm the last two days and Apolyton was hit after I found a way to stop it

    A quick fix has been applied to most pages and I'm now looking at a more thorough solution


    Interested webmasters can mail me about it at my markg at apolyton.net address
    Co-Founder, Apolyton Civilization Site
    Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
    giannopoulos.info: my non-mobile non-photo news & articles blog

  • #2
    I'm providing a free service and I'm not a socialist?
    Co-Founder, Apolyton Civilization Site
    Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
    giannopoulos.info: my non-mobile non-photo news & articles blog


    • #3
      Maybe he's talking about how none of the Forum Styles are Red....they are all white/black/green/blue/yellowish. No red
      "Yay Apoc!!!!!!!" - bipolarbear
      "At least there were some thoughts went into Apocalypse." - Urban Ranger
      "Apocalype was a great game." - DrSpike
      "In Apoc, I had one soldier who lasted through the entire game... was pretty cool. I like apoc for that reason, the soldiers are a bit more 'personal'." - General Ludd


      • #4
        it's only to make the admin/staff icons and the santa caps look better
        Co-Founder, Apolyton Civilization Site
        Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
        giannopoulos.info: my non-mobile non-photo news & articles blog


        • #5
          I'm glad we came out relatively unscathed.

          Good work Markos!


          • #6
            Do they say anything about this on PHP.net? A patch perhaps?
            (\__/) 07/07/1937 - Never forget
            (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
            (")_(") "Starting the fire from within."


            • #7
              How does this attack work and how can one protect?

              I don't think that I can get affected since I don't include on variables that I have not checked or set before.

              But I have lots of
              PHP Code:
              require(dirname(__FILE__)."/inc.php"); 
              is this a problem?
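
The distinction post #7 draws, as an added example that is not code from the thread or from any poster: an include whose path is built only from constants (the `require(dirname(__FILE__)."/inc.php")` form) beside an include driven by a request variable, with a hypothetical `resolve_page()` allow-list helper. The page names and the demo directory are constructed.

```php
<?php
// Added example, not code from the thread. Names and paths are constructed.

// Risky pattern (shown as a comment, never executed here): the include target
// comes straight from the request, so the client chooses which file runs.
//   include($_GET['page'] . '.php');

// Post #7's form is different: the path is built only from constants, so no
// request data can change which file is loaded.
//   require(dirname(__FILE__) . "/inc.php");

/**
 * Map a requested page name to a file under $baseDir, or return null.
 * Hypothetical helper: only names listed in $allowed are ever included.
 */
function resolve_page($requested, $baseDir, array $allowed)
{
    if (!is_string($requested) || !in_array($requested, $allowed, true)) {
        return null;                       // not a string, or not on the allow-list
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base directory does not exist
    }
    // realpath() returns false for missing files and collapses ../ segments,
    // so the prefix check confirms the file really sits under $baseDir.
    $path = realpath($base . '/' . $requested . '.php');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo directory with one real page in it.
$baseDir = sys_get_temp_dir() . '/pages_demo';
@mkdir($baseDir);
file_put_contents($baseDir . '/news.php', "<?php echo 'news';");
$allowed = array('news', 'charts');

// Constructed sample inputs, as they might arrive in $_GET['page'].
$samples = array('news', 'charts', 'admin', '../news', array('news'));
foreach ($samples as $s) {
    $path = resolve_page($s, $baseDir, $allowed);
    echo str_pad(json_encode($s, JSON_UNESCAPED_SLASHES), 14),
         $path === null ? 'rejected' : "include $path", "\n";
}
```

Only `news` resolves to a path; `charts` is on the allow-list but has no file, and the other inputs never reach the filesystem lookup.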


              • #8
                /me nods *

                This worm hit another forum i frequent. Nasty little bugger.


                • #9
                  Originally posted by Atahualpa
                  How does this attack work and how can one protect?
                  More info

                  Note that Google has already blocked the specific request that the original Santy.a worm uses, so perhaps Santy.c uses a different one.
                  (\__/) 07/07/1937 - Never forget
                  (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
                  (")_(") "Starting the fire from within."


                  • #10
                    Originally posted by MarkG
                    I'm providing a free service and i'm not a socialist?
                    Of course not. You aren't taking resources from others for "the good of the state"...
                    I'm building a wagon! On some other part of the internets, obviously (but not that other site).


                    • #11
                      Originally posted by MarkG
                      it's only to make the admin/staff icons and the santa caps look better


                      Mixing primary colours is a big artistic no-no.
                      Blog | Civ2 Scenario League | leo.petr at gmail.com


                      • #12
                        Originally posted by Comrade Tassadar
                        The Communist Party of Eventis decries Apolytonian exploitation of its people in the form of "Apolyton PLUS!".
                        what! we are exploiting the rich in order to provide a better free service to the masses!!
                        Co-Founder, Apolyton Civilization Site
                        Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
                        giannopoulos.info: my non-mobile non-photo news & articles blog


                        • #13
                          Originally posted by Urban Ranger
                          Note that Google has already blocked the specific request that the original Santy.a worm uses, so perhaps Santy.c uses a different one.
                          Google has taken action against Santy.a since the 22nd. still top40 was hit from Santy.c (which actually doesn't have anything to do with phpBB) since friday evening and apolyton only got hit last night

                          it seems that there are thousands of servers still hit and trying to infect others

                          Last edited by MarkG; December 27, 2004, 03:55.
                          Co-Founder, Apolyton Civilization Site
                          Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
                          giannopoulos.info: my non-mobile non-photo news & articles blog


                          • #14
                            Originally posted by MarkG
                            what! we are exploiting the rich in order to provide a better free service to the masses!!
                            You may be exploiting me but I sure as heck fire ain't rich
                            Which side are we on? We're on the side of the demons, Chief. We are evil men in the gardens of paradise, sent by the forces of death to spread devastation and destruction wherever we go. I'm surprised you didn't know that. --Saul Tigh


                            • #15
                              ssssh! don't destroy the plot!
                              Co-Founder, Apolyton Civilization Site
                              Co-Owner/Webmaster, Top40-Charts.com | CTO, Apogee Information Systems
                              giannopoulos.info: my non-mobile non-photo news & articles blog
