
[Suggestion] Users who have not upgraded are strongly advised to upgrade to phpBB 2.0.20 as soon as possible

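Posted: 2006-04-29 20:25
Mowd
While checking Apache's error.log today, I unexpectedly found many repetitions of this string in it:
'wget' 不是內部或外部命令、
可執行的程式或批次檔。
I later found that this was someone using the highlight vulnerability in older versions of phpBB, which allows arbitrary code execution. Fortunately my host runs Windows; on UNIX it would have downloaded a perl program, and who knows how much damage that would have done to the host. So please, everyone, upgrade the phpBB you have on hand as soon as possible, or one day your own server will be used as a stepping stone or made to do something, and you won't even know it.

What is scarier is that after I removed the old phpBB, the attacks still continued, and they were not coming from a single IP: dozens or even hundreds of different IPs from all directions kept requesting pages that no longer exist. So don't count on luck and assume this won't happen to you. If even a small, unpopular forum like mine gets this, never mind what will happen to yours... :-P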

Posted: 2006-04-29 21:05
cvk307
Does 2.0.19 have this problem?

Because I only just set it up!

So I'm still wondering whether to upgrade!

Posted: 2006-04-29 21:53
jwxinst
Better to upgrade to 2.0.20 as soon as possible

To Mowd,
Looks like... a group of hackers is going after phpBB again....

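Posted: 2006-04-29 22:55
chiouss
On seeing this news I hurried to look through my own error.log, which is already 2 MB (haven't cleared it in ages :Q). Looks like there's also a virus lately that specifically targets IIS?

Code:

210.77.65.93 - - [29/Apr/2006:10:36:45 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 328

Code:

210.77.65.93 - - [29/Apr/2006:10:36:52 +0800] "GET /NULL.printer HTTP/1.0 " 404 303
There are tons of attacks like this... Orz

For now I'll block everything other than 192.168.1.10/24 and a few other sources...

--
While I'm at it, I'll redirect 404s to crash_ie.html XD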
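
The probes quoted in this thread can be counted per signature and per source address from an access log. The following is an added example, not part of the original posts: the `phpbb-highlight` pattern is an assumption based on the thread's description, and every sample line other than the two 210.77.65.93 entries is constructed.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Signatures derived from the requests quoted in this thread. The
# "phpbb-highlight" pattern is an assumption: the thread only says the
# highlight feature was abused and that 'wget' showed up in error.log.
SIGNATURES = {
    "iis-cmd-traversal": re.compile(r"\.\.%[0-9a-f]{2}%[0-9a-f]{2}\.\./.*cmd\.exe", re.I),
    "iis-printer": re.compile(r"\.printer(\?|$)", re.I),
    "phpbb-highlight": re.compile(r"[?&]highlight=[^&]*wget", re.I),
}

def classify(url):
    """Return the name of the first signature matching the URL, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(url):
            return name
    return None

def summarize(lines):
    """Per signature: hit count, distinct source IPs, probes not answered 4xx."""
    report = defaultdict(lambda: {"hits": 0, "sources": set(), "served": 0})
    for line in lines:
        m = LINE_RE.match(line)
        name = classify(m.group(2)) if m else None
        if name is None:
            continue  # not an access-log record, or no signature matched
        entry = report[name]
        entry["hits"] += 1
        entry["sources"].add(m.group(1))
        if not m.group(3).startswith("4"):
            entry["served"] += 1  # probe was not rejected: check that host
    return dict(report)

# First two lines are from the thread; the rest are constructed samples
# using documentation address ranges and a placeholder query value.
SAMPLE = [
    '210.77.65.93 - - [29/Apr/2006:10:36:45 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 328',
    '210.77.65.93 - - [29/Apr/2006:10:36:52 +0800] "GET /NULL.printer HTTP/1.0 " 404 303',
    '192.0.2.7 - - [29/Apr/2006:11:02:10 +0800] "GET /phpBB2/viewtopic.php?t=1&highlight=PLACEHOLDER+wget+PLACEHOLDER HTTP/1.0" 404 310',
    '198.51.100.9 - - [29/Apr/2006:11:02:11 +0800] "GET /forum/viewtopic.php?t=1&highlight=PLACEHOLDER+wget+PLACEHOLDER HTTP/1.0" 200 5120',
    '203.0.113.5 - - [29/Apr/2006:11:03:00 +0800] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for name, entry in sorted(summarize(SAMPLE).items()):
        print(name, entry["hits"], "hits from", len(entry["sources"]),
              "sources,", entry["served"], "not rejected")
```

A non-zero `served` count is the case to follow up first, since the server answered that probe with something other than a 4xx.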

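Posted: 2006-04-30 01:03
~倉木麻衣~
chiouss wrote: On seeing this news I hurried to look through my own error.log, which is already 2 MB (haven't cleared it in ages :Q). Looks like there's also a virus lately that specifically targets IIS?

Code:

210.77.65.93 - - [29/Apr/2006:10:36:45 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 328

Code:

210.77.65.93 - - [29/Apr/2006:10:36:52 +0800] "GET /NULL.printer HTTP/1.0 " 404 303
There are tons of attacks like this... Orz

For now I'll block everything other than 192.168.1.10/24 and a few other sources...

--
While I'm at it, I'll redirect 404s to crash_ie.html XD

Isn't this a vulnerability from several years ago already v_v
Besides, most attacks of this kind nowadays are run by programs; very few people will personally open a browser and come play with you anymore
Furthermore, these are all indiscriminate attacks; if your host isn't running IIS you can just ignore them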

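Posted: 2006-04-30 03:03
chiouss
~倉木麻衣~ wrote: Isn't this a vulnerability from several years ago already v_v
Besides, most attacks of this kind nowadays are run by programs; very few people will personally open a browser and come play with you anymore
Furthermore, these are all indiscriminate attacks; if your host isn't running IIS you can just ignore them

I don't know, but I've heard this kind of virus also dies when it opens crash_ie.html XD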

Posted: 2006-05-01 10:27
fankun
Too late, mine has already been hacked

Posted: 2006-05-01 11:47
computer315

Code:

"網路病毒","00:16:32","TCP","220.134.137.54","3792","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","00:41:33","TCP","220.134.137.54","4285","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","02:16:51","TCP","220.134.49.44","2138","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","02:41:45","TCP","220.134.137.54","1252","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:04:54","TCP","220.134.49.44","1624","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:13:42","TCP","220.134.49.44","1627","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:33:09","TCP","220.134.137.54","3407","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","04:23:20","TCP","220.134.49.44","4560","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","04:23:50","TCP","220.134.49.44","1124","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","05:45:49","TCP","220.134.137.54","1485","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","05:55:17","TCP","220.134.137.54","1092","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","06:14:47","TCP","220.134.49.44","1716","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:16:51","TCP","220.134.49.44","4238","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:19:28","TCP","220.134.49.44","2657","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:32:45","TCP","220.134.49.44","2829","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:58:34","TCP","220.162.107.223","2184","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","09:02:01","TCP","220.134.137.54","3295","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","09:44:39","TCP","220.134.49.44","4364","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
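I've been getting hit by this attack constantly lately... but the firewall has blocked all of them
I just installed the patch and feel much better: http://www.microsoft.com/downloads/deta ... E663A53698

I really don't want my computer to be taken over by someone like last time -.-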

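Posted: 2006-05-01 12:59
chiouss
computer315 wrote: I've been getting hit by this attack constantly lately... but the firewall has blocked all of them
I just installed the patch and feel much better: http://www.microsoft.com/downloads/deta ... E663A53698
I really don't want my computer to be taken over by someone like last time -.-

ASN.1, huh? I just have Kaspersky block the other side for an hour whenever I'm attacked, without reporting it (reporting is useless anyway, it's just for fun). That said, I had already installed everything from Windows Update, and last time I still found I'd caught some old virus... Orz

--
That's why I switched from NAV to Kaspersky...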

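Posted: 2006-05-02 01:50
computer315
chiouss wrote:
computer315 wrote: I've been getting hit by this attack constantly lately... but the firewall has blocked all of them
I just installed the patch and feel much better: http://www.microsoft.com/downloads/deta ... E663A53698
I really don't want my computer to be taken over by someone like last time -.-
ASN.1, huh? I just have Kaspersky block the other side for an hour whenever I'm attacked, without reporting it (reporting is useless anyway, it's just for fun). That said, I had already installed everything from Windows Update, and last time I still found I'd caught some old virus... Orz

--
That's why I switched from NAV to Kaspersky...

pccillin doesn't seem to have an automatic blocking feature... Orz
So I had to block it in the router...

The patch I installed doesn't seem to do much...
And some are trying to cause trouble via netbios... damn -.-

I've started paying attention to network security lately...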