Comment spam and serious phpbb2 security hole
I’ve been getting a ton of comment spam lately–so, it was time to turn on the “no comments go public until approved” switch. I’ll try to give timely approvals to new comments, sorry for the inconvenience.
There’s a nasty phpbb2 security hole, and one site on my server is running that (one I don’t control directly), and it’s been exploited by at least two different people (judging by IP address) already. You can do some pretty nasty stuff with this hole, to the point where if you have a buggy kernel (one for which there is a local unprivileged user->root exploit), you can get remote root. Blah. Fortunately the script kiddies weren’t that smart, never got past the initial stages. But… worrisome. I always trust my code over other people’s, even though it’s got a lot fewer eyes on it. I’m just super paranoid about user input processing and handling…
In the meantime (until I figured out exactly what was happening, for sure) I also upgraded PHP to 4.3.9, and mod_ssl to 2.8.22, and Apache to the latest rev. Went pretty seamlessly, but I suspect when I want to do an openssl upgrade it’s going to break everything. Sigh. Too bad no support for RH7.3 anymore! Or, at least, too bad the dedicated box is 1,500 miles away and I can’t just sit at console and upgrade it to something newer…
I’ve been hit by comment spam too. Had to turn on moderation but still get a lot of ‘needs approval email’. I’m about to follow a recipe from http://www.tamba2.org.uk/wordpress/spam/. I’ll probably start with the php file rename (see how it goes).
Love that dog creech….
Life love dog falling give people. Boo is my dog and I love her very much to boo. Dog love….