Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
The Internet Security

Mass Website Hack Compromises 200,000 Sites 153

Posted by Zonk from the that-is-a-lot-of-angry-pr0n-bots dept.
Stony Stevenson writes "Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack."
This discussion has been archived. No new comments can be posted.

Mass Website Hack Compromises 200,000 Sites More

Mass Website Hack Compromises 200,000 Sites

Comments Filter:

  • Re:punBB (Score:2, Interesting)

    by boost1 ( 1035958 ) on Monday March 17, 2008 @11:30PM (#22779986)
    Yeah, I installed it way back in the days and forgot it was on my website. I have now gotten several emails from my domain host stating attacks on it using an exploit in phpBB.

  • why this happens (Score:5, Interesting)

    by ILuvRamen ( 1026668 ) on Monday March 17, 2008 @11:35PM (#22780020)
    My old phpBB forum got hacked. Wanna know why? Cuz I used the auto-installing plugin that my host provided. It was about 20 versions behind and they NEVER updated it. So it had a gaping security hole in it. And guess what else! I couldn't patch it because it was considered some sort of embedded plugin that I couldn't tocuh the system files of. I had to install a fresh, updated version and phpBB and then copy the database over AND alter the database manually to reflect all the changes between between versions, which was a major pain in the ass. Needless to say I was pissed. Oh and I tried to sue/have arrested those Zone-H assholes that posted it like it was some sort of trophy case but apparently they're not hosted in the US so I dropped it. I would be willing to guess that every single hack was because of outdated phpBB quick installs like ipowerweb makes available on their servers.

  • Re:'social engineering' (Score:2, Interesting)

    by enoz ( 1181117 ) on Tuesday March 18, 2008 @12:37AM (#22780300)
    For the longest time phpBB did not even have the option to force users to authenticate their email address let alone use any captcha on the registration page. For this reason many existing phpBB forums are flooded with fake accounts, and possible these were used in order to post the links or malware.

  • I'm running phpBB (Score:5, Interesting)

    by HangingChad ( 677530 ) on Tuesday March 18, 2008 @12:46AM (#22780352) Homepage

    But I've made some modifications to my install. I replaced the registration and profile pages with a web form that posts to an Email parser. There was a lot of activity the last few days, spam registrations out the yang.

    It's funny because to them it looks like the registration page and they keep running scripts against it. I block the IP ranges of the spam registrations at the boundary but they just keep block hopping.

    They'll still get a script reg through sometimes, so there's something I'm missing. I could just install the security updates but it's so much more fun to try and tweak it myself.

  • The attack modifies the forum title (Score:5, Interesting)

    by The Famous Brett Wat ( 12688 ) on Tuesday March 18, 2008 @02:17AM (#22780640) Homepage Journal

    According to this video, the pages are being inserted via SQL injection attacks.

    When this news broke last night (my local time), my heart skipped a beat because one of my phpBB instances isn't totally up to date, so I did a quick bit of research to see if I could fill in the massive blanks left by this report. Yes, it does look like an SQL injection attack: the attack appends a SCRIPT tag to the forum's main title, which is inserted into various locations on every page from a database field. Due to one thing and another this results in some hideously malformed HTML, but it has the desired effect (of executing the Javascript) in the major browsers. I suspect that the search in question is a Google "intitle:" search which keys off the domain name of the site carrying the exploit code, since this becomes a visible part of the title.

    I have no idea exactly how the SQL injection is being effected, but my phpBB forum was not impacted. This may be because my version is not too old, because I lack a vulnerable add-on module, or because my custom anti-bot mechanisms deflected the attack. I couldn't see anything in the past few days of log activity which contained key strings used in the exploit, but I didn't search very hard once I determined that my instance was unaffected.

  • Re:'social engineering' - site down-Google mirror (Score:-1, Interesting)

    by Anonymous Coward on Tuesday March 18, 2008 @04:13AM (#22780942)
    Confused.me.uk is now down however looking at the Google mirror [64.233.183.104] (taken 03-03-2008 08:40 PM) - we can see that this guy wasn't kidding!!!!!

    Registered Members: 14333
    Total Threads: 8729 | Total Posts: 23375
    Welcome to our newest member, RatRulkyPaurl

    There are currently 0 members and 3 guests on the boards. | Most users ever online was 558 on 06-28-2007 at 08:05 PM.

    Happy belated birthday fdaaproved, newrings, skinonlin!!!!

Slashdot Top Deals

The key elements in human thinking are not numbers but labels of fuzzy sets. -- L. Zadeh

Close