Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: knewbie on December 22, 2004, 08:40:38 PM
-
Hi all...
I have been the victim of NeverEverNoSanity Web Worm; through a website I host for a friend, a friend that didn't keep its phpbb forum up to date.
I also host a small personal genealogy website which seems to have been infected too...
Seems the worm propagates by overwriting all php/asp/html files it has access to.
Does anyone have an idea what I can do? I will try dumping the data from phpmyadmin (if I still have access to it) and/or a knoppix live-cd boot to get most things I can, but any suggestion would help.
BTW no I didn't backup (and now I pay) since I had trouble with the mondo backup tool for SME.
Was SME 6.01-01 with php 4 and phpaccelerator. (didn't reboot the machine since infected ...)
A post at Bugtraq proposes this fix for a fast repair:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)esystem(.*)
RewriteRule ^.*$ - [F]
Any idea if it can help if put in vconf or in .htaccess?
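Added example, not part of the original post or of the Bugtraq message: a Python sketch that applies the same two query-string patterns to Apache access-log lines, to find requests the rule would have answered with 403 and to show that the `echr` pattern also catches harmless queries. The log lines, paths, addresses and function names are constructed for illustration.

```python
import re

# The two RewriteCond patterns quoted in the post; either match triggers [F] (403).
BLOCK_PATTERNS = [re.compile(r"^(.*)echr(.*)"), re.compile(r"^(.*)esystem(.*)")]

# Request line as written in Apache common/combined logs: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

def query_string(log_line):
    """Return the raw (undecoded) query string, '' if none, None if unparsable."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    _, _, query = m.group("target").partition("?")
    return query

def would_be_forbidden(query):
    """True if the rule set would reject a request with this QUERY_STRING."""
    return any(p.match(query) for p in BLOCK_PATTERNS)

def flag_lines(lines):
    """Return (line_number, query) for every log line the rules would block."""
    hits = []
    for number, line in enumerate(lines, 1):
        query = query_string(line)
        if query and would_be_forbidden(query):
            hits.append((number, query))
    return hits

# Constructed sample log: documentation addresses, placeholder payloads.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Dec/2004:03:11:02 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Dec/2004:03:12:40 +0000] "GET /forum/viewtopic.php?t=42&highlight=x%252esystem(CONSTRUCTED) HTTP/1.0" 200 310',
    '198.51.100.7 - - [22/Dec/2004:03:12:41 +0000] "GET /forum/viewtopic.php?t=42&highlight=x%252echr(CONSTRUCTED) HTTP/1.0" 200 310',
    # Harmless search, but "techreport" contains "echr", so the rule blocks it too.
    '192.0.2.33 - - [22/Dec/2004:03:15:09 +0000] "GET /search.php?q=techreport HTTP/1.1" 200 2048',
    '192.0.2.10 - - [22/Dec/2004:03:16:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, query in flag_lines(SAMPLE_LOG):
        print(f"line {number}: would be forbidden -> {query}")
```

Run against a real access log, the flagged timestamps give a first estimate of when probing started; the patterns are substring matches, so each hit still needs a look before it is counted as worm traffic.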
-
http://www.phpbb.com/phpBB/viewtopic.php?t=249153
cyberwolf80
Registered User
Posted: Wed Dec 22, 2004 3:26 am
ok, I was hit by the worm. Sadly, I haven't made a backup in a while. However, the SQL Database for the forum is still there, and is still quite large.
is there any chance everything could be saved if I install a fresh PHPBB and point it to that database?
edit: I've no clue what is stored in the databases and such, so if I'm babbling like an idiot, I'm sorry.
/////////////////////////////////////////////
Graham
Moderator Team Member
Posted: Wed Dec 22, 2004 3:51 am
If the database is still there, yes.
Delete all the files
Upload phpBB 2.0.11 as normal, but instead of running install/install.php run contrib/dbinformer.php and let it create the config.php file for you (and if necessary upload it)
Run install/update_to_2011.php
Remove the install and contrib folders
_________________
"So Long, and Thanks for All the Fish"
"
So I'm doing the same with SPIP, all PHP things in the ibays...and hope it will work.
Next: automated updates and backups that work?