Worm makes unwelcome visit..

Article from BBC News: http://news.bbc.co.uk/1/hi/technology/4117711.stm

 

I have over eighteen hundred IP addresses null routed because of this worm.

 

Well not sure whether this worm made a visit to my forum ... but here is the fix to make you less vulnerable http://www.shoutingtalk.com/admin/mods/easymod/php.mod

 

I was hit by this, very nasty, deleted lots of files.

 

Did you have a backup?

 

There are two exploits, there is that one, which the original (not sure about the new varients) doesn't use, and then there is the highlight() exploit, which the wom does use.

The highlight exploit was fixed in 2.0.11, but the other one, which is the unserialze thing that the above patches, is not a phpBB bug, but rather a PHP bug.. so.. that patch is just a workaround. The best thing to do is to get the latest php release, since many many other scripts use that function, but if all you run is phpBB, you may be safe..

Josh

 

That link seems to be dead.

Try this one:

http://www.phpbbstyles.com/viewtopic.php?t=1904

 

There is some more info on this topic on the phpbb forum itself.
There are two things mentioned in there that seem important to do...

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046