Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
A number of Linux websites running PHP have been defaced in the last 24 hours. ISC is reporting a worm dubbed "Santy.A" is in the wild that exploits the "highlight" vulnerability in phpBB versions 2.0.10 and earlier. Sites exploited by this worm have reported all write-able .htm,shtml,.asp, and .php pages are overwritten with:
This site is defaced!!!
This site is defaced!!!
NeverEverNoSanity WebWorm generation N
(where N is some integer)
All users of vulnerable phpBB versions are advised to upgrade to version 2.0.11. See the following advisories for more info:
Since the vulnerability isn't in any particular operating system, but rather in the phpBB application, it looks like it would infect any UNIX or UNIX-like operating system (linux/BSD) that is running a version of phpBB earlier than 2.0.11. The system would also need perl installed for it to be able to infect other hosts. I doubt whether an OS is open or closed-source matters, I think they were just refering to the phpBB software as being "open-source" in the article.
In related news, there is an Anti-Santy worm (aka Net-Worm.Perl.Asan.a) in the wild which reportedly fixes the "Highlight" vulnerability that Santy used for infection. The Anti-Santy worm also apparently defaces web pages with the follwing text:
"viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
Several Santy variants have also been detected along with reports of worms exploiting actual PHP vulnerabilities (not the phpBB highlight bug). Those utilizing any form of PHP or phpBB are strongly urged to upgrade to current versions.
You can apply a patch that fixes the vulnerabilities, but you'd still need to appy the patch, recompile and reinstall. So unless you've got some custom mods, you may just want to install the new version. If you do decide to patch, there are some brief instructions here: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636