Full Disclosure mailing list archives
phpbb blend portal and activity mods at risk
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Mon, 29 May 2006 11:33:40 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have got this email today and it should be more than useful also forwarded on FD: - ---------------------------------------------------------------quoting austin----- It has come to my attention that Blend has a security issue. If you have Blend Portal System OR Activity Mod installed, please disable your board or uninstall these mods for the time being and do the file edit that I have listed below. Here are a list of IPs that you need to ban from your site as well. 85.107.151.110, 84.112.100.97, 84.112.100.97, 200.112.130.69, 87.97.213.154, 211.66.110.157, 201.29.218.185, 195.93.60.97, 202.133.82.69, 70.136.76.25, 212.104.107.114, 157.142.200.121, 200.243.242.123, 166.111.249.39, 85.104.25.166, 85.14.214.4 These are known IPs that have used a script to infect sites with trojans via a file in blend. Open: blend_data/blend_common.php FIND define('BLEND_DATA_PATH', 'blend_data/'); BEFORE, ADD if (!defined('IN_PHPBB')) die('Hack Attempt'); CLOSE & SAVE I will release a fix for these issues ASAP. I apologize for this huge inconvenience. - ---------------------------------------------------------------quote end----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (MingW32) iD8DBQFEer/zFJS99fNfR+YRAvpdAJ9oPW2ybD2z0PdOTW+SGPE9JLmQ8QCdGT78 nqqqrR0IY3g9QAu9P+I5zqI= =Fnxy -----END PGP SIGNATURE-----
Attachment:
ad.vcf
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- phpbb blend portal and activity mods at risk ad () heapoverflow com (May 29)