NeverEverNoSanity
I read with interest that a local website was hit by an exploit called Bloodhound.Exploit. They had to shut their website down. Well, being the curious boy that I am, I dug a bit deeper.
It seems that the website (thevoiddeck.org) could have been hit by either the above, the Santy worm or a combo of both. I dunno how they arrived at the Bloodhound conclusion but I read with interest that there was a Santy worm that spread in late December hitting all PHP-based forums that were running older versions of PHP (and by extension any BB-system using PHP). Apparently all running versions lower than 4.3.10 were vulnerable.
So what this worm did was use Google to look for sites running phpBB, by searching for viewtopic.php, and use a Perl script to gain access (I assume buffer-overflow) to webroot, then search for text-based files like .php, .htm and insert some h4X0r l33t text into the files.
Since then there have been (and will be) various new strains of Santy; n00b hackers need only edit a bit of the Perl code to recreate the activity since not every board admin monitors phpBB forums for updates. I suppose that's how thevoiddeck.org got hit so late in the worm's lifecycle: many STILL aren't patched.
Reminds me of the n00bs at forums.hardwarezone.com; don't they run vBulletin which is PHP-based? HAHAHAHAH!!! Thank goodness I deigned to comment in that n00b-farm of late.