Posted on 12/20/2004 7:03:43 PM PST by Armedanddangerous
Some friends and I have operated a self defense survival and conservatism website called www.paxbaculum.com .
This afternoon someone apparently took control of it with a worm called neverevernosanity webworm generation 13.
Thanks Prime Choice!
My level of experience is nil.
......I'm a Mac user......
Basically, I'm a stay at home mom that anticipates moving into the workforce now that my son is 8.
I'd like to work during his school hours and anticipate that PC's will be involved in my new workplace, wherever that may be.
For my two cents, I love FR because I can learn about subjects that are foreign to me, and at least learn a little bit about the language supporting them. It helps me in forming semi-intelligent questions. LOL
I love that you said that the only dumb question is the one that isn't asked. That is a treasure.!
Believe me, when I get that said job, I'll have plenty of questions.
FWIW, I've been a producer/writer for most of my career, I've been out of it for most of the past 6 years and am looking for a field that interests me and accepts a 44 year old with a broadcast journalism degree.
Please no slings and arrows! (<:
I'm no Mary Mapes. Just a cable sort.
Sorry RebelTex.
I forgot my FR manners, not a good thing to do.
Thanks for the reminder to include the zotee's name in the reply line. Sorry again for the confusion.
Merry Christmas to you and yours.
Merry Christmas to you and yours, too!
I hope ya'll have the best one, ever.
Don't worry about not indicating who you wanted to zot. I was going crazy until I figured it out, then it was pretty funny. Boy, was I red-faced. No harm done, though, so don't feel bad. I should have picked up on it a lot quicker, but I guess I'm just getting old. heheh
The only reason I mentioned it was so I wouldn't feel quite so foolish.
;^D
Sure thing. The joker was named 'johnny3' and he was repeatedly linking to some powerpoint presentation at "summeroftruth.org." Turns out the site is a whacked-out Leftist k0n5p1r4cy k00k site that insisted that the Republican party was behind the 9/11 attacks. Truly screwed-up stuff.
The idiot in question was something of a sleeper troll who had signed up in October and chose tonight to go turbo-jackwit.
Oh you sweetie, you!
No harm done.
Things can get "convoluted" (hope I spelled that right) when I'm replying on a few threads at once.
I'm heading for the roundhouse now.
Waaay too much Christmas shopping to be accomplished tomorrow! (:
Hope y'all have a wonderful Christmas, FReepers one and all!
"The idiot in question was something of a sleeper troll who had signed up in October and chose tonight to go turbo-jackwit."
Turbo-jack wit."
Now that's a phrase I can live with and appreciate
I've got a Jack Russell Terrier, named Sparky, who turns a year old on Dec. 29th.
He assumes the Turbo Jack Wit stance several times daily.
Good talking with you Prime Choice.
Thanks for clearing that up, Prime Choice.
Now, I understand why he was zotted. It seems like the trolls are always zotted before I can read their posts.
Dang - I'd sure like to zot one, heheh. (Maybe I'll catch one for Christmas.)
:^D
Ya'll have a Merry Christmas, now, ya hear.
If I can do on/off, and hit print....my day is made.
Heh. Well, rest assured that any dog at its worst is far more behaved and polite than any rabid Leftist at their best. ;o)
Dang - I'd sure like to zot one, heheh. (Maybe I'll catch one for Christmas.)
I got a target practice troll here. I keep him in a cardboard box (airholes optional) for just such an occasion, lemme take him out for ya.
WHOA! Flame troll! Look out!!
Sorry, Tex...he went rabid. Had to put him down.
| It is indeed a webworm, targetting the most recent vulnerabilities announced this past Friday in PHP. While I do automatic nightly updates of certain key components of my systems, this update was not yet released from my publisher. I misread their announcement, and so it is entirely my fault. If I had noticed they didn't intend to patch within 24 hours, I'd have hand-patched. The primary purpose of this worm is to set up some sort of spam-gizmo. I have not yet completed analysis of the code, but it is Brazilian in origin and at initial glance seems to be trying to test email addresses for validity, keeping a list of good and bad email addresses. It then reported them back through IRC to someone who I assume is collecting the data in their master database to spam away using other (or possibly the same) drones. Though it would seem the folks who run Windows on their desktops are the most prone to the spam-sleepers. I guess that will teach them to trust Ol' Bill. ;) |
Now that was funny. Good thing I had already finished my coffee this morning or it would have been all over the screen.
Thanks for the wake-up laugh. Love to start my day LMAO with tears in my eyes (WTIME). It makes the whole day a little bit brighter and nicer.
;^D
Information is flying across the lists about the worm that hit your site. It appears to be a worm that exploits a vulnerability in phpBB that was identified a month ago:
This bug only exploits a hole in phpBB2 as far as I can tell. It does not
appear to exploit a hole within PHP. In order to protect yourself, you
must upgrade phpBB2 to version 2.0.11.
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
See also:
http://isc.sans.org/
Generation 9 appears to overwrite files with the following extensions:
.htm, .php, .asp, .shtm, .jsp, .phtm
It only displays a defacement message saying
"NeverEverNoSanity WebWorm generation #"
Where # is the generation of the worm.
http://www.glen-l.com/
Keep following the "Boatbuilder Connection" link. It went down yesterday morning.
As a complete non-techie I would be grateful for some comments regarding this webworm. A site several of us have being using as a disussion forum got hit by generation 16 of the worm.
The site has been effectively abandoned by its owner, so they will obviously not be looking to get rid of the worm. In this situation is the site finished?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.