On Thu, 2005-03-03 at 01:03 +0100, Alexander Dalloz wrote:
...snip...
> See Dave's and Leonard's replies. Your system is owned! :( And as it
> looks it is the worm / trojan known to come in by weak phpBB installs. I
> would heavily appreciate if you would inform us all how that could
> happen. You always installed security updates quickly? Do you have
> something running with Apache which can be misused? When the phpBB worm
> info came in through bugtraq I installed mod_security to disallow
> specific things. It is a nice add-on for Apache (1.3 and 2.0). I use it
> to restrict those ways the phpBB worm comes in as some of my users use
> that forum software. http://www.modsecurity.org/ is though more general
> and not a phpBB protection tool. Worth to have a look at it.
>
> Alexander
...snip...

Awesome, I have checked it out and sent a link to my admin friends. The
resources link points to some other excellent info as well.

I am in the process of writing a PHP-based account management system for
a FreeRadius server we will be implementing. Your timing could not have
been better. I have built most of the hard parts and put them in
abstracted libraries. I have also come up with some good schemes to
thwart hackers by restricting access to "internal" forms from "external"
sources, but modsecurity will likely enable me to make the security more
robust.

Thanks for the heads up.