Hey I was trying to access our clans forum shortly ago, & got a page saying something about this site has been defaced or soemthing, then something about a Webworm Generation 11 or something? is this on teh servers end or on my end, just want to know If I should run NAV (haven't for a bout a week or so), or what? here's a pic of what is displayed:

This is the new PHP bug that is hitting primarily PHPbb sites.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141132

This is on the server side, they need to update PHP.

Ahh, For a minute there I thought my PC had contracted something, No other PHP based site have this issue, so it must be on their server end. Hopefully in a day or more they'll have it fixed!!!

Thanks for the Heads up!!!

The really weird thing is that I was literrally JUST googling for this to see how widespread it was in the wild. Freaky!

I am trying to figure out the "generation" part. The e-mail I got that detailed this had "generation 9" in it, but yours has 11. Perhaps it is propogating itself?

Heres teh latest message after checking again?

From what I have read it doesn't just replace the index but also deletes certain file types. So, if the include file was deleted, it may not know how to connect to the DB.

Hope they had a backup.

As for the doubling up, it looks like they got hit twice and it just appended to itself.

Ouch!!!! Sounds like it could be pretty bad? :(

Could have been. But, the way it spread was via asking google for sites running phpbb, but google has blocked it. So, it was bad, but looks like it stopped.

It has been stopped!

See Here (http://www.f-secure.com/weblog/)

:)

Bob

COOL!!!:)

That one site is still down though.:(

My small server was hit also. Generation 20...

I am all set, up and running in a few hrs...I was lucky to be home and looking online monday night. I go infected around 10:30pm.

Oh, the joys of running a server!

Hey, have you found where it popped you in the logs? I would be curious to see what it looks like.