Slashdot Mirror
Mass Website Hack Compromises 200,000 Sites
Stony Stevenson writes "Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack."
Back in the later months of 2001 we experienced a gradual realization that there was something quite amiss about our government's response to terrorist threats which resulted in the disaster of September of that year. It turns out that not only did we know that there would be a terrorist attack, but we had credible leads indicating who and how it would be carried out. But the lack of information sharing led to disaster.
Here too, we have a threat which is already running wild. Thousands of websites are being attacked. Unfortunately, this article, like many which abound in the security theatre online media, is long on consequences and short on details. Someone knows how the attack spreads, but they aren't sharing the means of stopping the attack.
This article and its lack of content does as much to spread fear and chaos among computer users as the actual attack. These are technical problems which can be fixed. By not being clear about the threat, the article turns hackers into bogeymen that can't be stopped. Give some better info, tell us how to close the hole, and let us get back to work.
My old phpBB forum got hacked. Wanna know why? Cuz I used the auto-installing plugin that my host provided. It was about 20 versions behind and they NEVER updated it. So it had a gaping security hole in it. And guess what else! I couldn't patch it because it was considered some sort of embedded plugin that I couldn't tocuh the system files of. I had to install a fresh, updated version and phpBB and then copy the database over AND alter the database manually to reflect all the changes between between versions, which was a major pain in the ass. Needless to say I was pissed. Oh and I tried to sue/have arrested those Zone-H assholes that posted it like it was some sort of trophy case but apparently they're not hosted in the US so I dropped it. I would be willing to guess that every single hack was because of outdated phpBB quick installs like ipowerweb makes available on their servers.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
It's a good think slashdot is immu PENI5 PILLS FREE WITH DISCOUNT MORT6A6ES! PENISFREE@OFFER.COM NOW!
Table-ized A.I.
It's the same reason hackers devote so much time exploiting Windows - more bang for your buck. phpBB is everywhere.
Perhaps they should rename it to PenguinBB so that hackers ignore it. Better yet, EmacsBB (or does it already have one builtin?)
Table-ized A.I.
Please tell us more about this whole free porn thing that you mentioned.
200,000 web pages is not the same thing as 200,000 web sites.
Mea navis aericumbens anguillis abundat
The title (which appears to be the only part the submitter actually "authored") is incorrect and conflicts with the text it quotes. An estimated 200,000 pages (most likely individual posts in phpBB forums) are out there, not sites.
According to this video, the pages are being inserted via SQL injection attacks. The 200k pages is based on a google search (he does not reveal what criteria he is searching for) which came back with 150k hits. So it is not clear how many actual sites are compromised. One could assume that once a phpBB site is compromised, every page of every thread, which is analogous to individual web pages, would redirect to the worm download site. A popular forum could easily have several thousand thread-pages. In fact, every single page would probably be redirecting, which would include each user's summary page (which would be in the thousands for even a small site). So a small number of cites could be accounting for all the 200k pages.
Also, in the video it is clear from the url that it is a phpBB2 site that is compromised. phpBB is currently at a major version of 3.
Better known as 318230.
But I've made some modifications to my install. I replaced the registration and profile pages with a web form that posts to an Email parser. There was a lot of activity the last few days, spam registrations out the yang.
It's funny because to them it looks like the registration page and they keep running scripts against it. I block the IP ranges of the spam registrations at the boundary but they just keep block hopping.
They'll still get a script reg through sometimes, so there's something I'm missing. I could just install the security updates but it's so much more fun to try and tweak it myself.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
It's the same reason hackers devote so much time exploiting Windows - more bang for your buck. phpBB is everywhere.
Except that popularity != exploitability. Many people think that software is like a safe - if you grind at it long enough, eventually it'll open. Software isn't like that. You can grind at software forever and it won't change anything unless you actually find a vulnerability - a case not handled by the software.
For example, MySQL is much more popular online than Microsoft SQL. Yet MS-SQL gave rise to the slammer worm while the vastly-more-commonly-installed MySQL has not ever been infected by anything anywhere near the same magnitude. (Yes, there have been a few. They didn't get very far)
The formula is NOT:
Popularity = Exploited.
It's more like
Popularity * Bad Design = Exploited.
And even bad software can eventually be cleaned up. Sendmail used to be a security nightmare. But despite its position as the #1 mail server software on the Internet, it's been quite a few years since any serious vulns were exploited.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
And then, you read the top of the report and discover that all this is old news, that you've been only reading spam for the last two years.
For a second, you think that humanity may not be the mass of morons you thought. That patching the bug will let you access the real, intelligent, acute comments of human forums.
Then, as the patch starts to work, you see those comments; the beauty of human forums brings a tear to your eye. As you start posting, you feel unable to write, your keyboard doesn't seem to work.
You then understand you were just another spam generator, and the patch is killing you.
Fade to black.