PHPBB operators, urgent warning


#1

Check your files and ensure none of them are now suddenly owned by “root”, specifically “viewtopic.php”. If so, take your board down immediately and have the Dreamhost Admins remove those files and replace them with your backup, which should be the latest version.

Looks like Galaga may have been compromised.


#2

Looks like you can delete the viewtopic.php file even though it is owned by user/group root. Delete it and replace it with one from 2.0.11 or later.


#3

Please don’t post FUD like this without first finding out what happened.

The machine has not been compromised. I goofed when patching existing phpBBs and forgot to reset the ownership. This should now be fixed.


#4

I apologize, but there was a lengthy silence (4 hours, a lifetime with a security concern) in trying to discover what had happened. Note that I also requested a callback on my support request, and I never got any…

And seeing that someone tried (unsuccessfully) to exploit the viewtopic.php script in the few short hours between it going public and the time I patched it (several days before the Dreamhost patch), I was a little jumpy. This jumpiness could have been avoided if we had received notice of the patch beforehand.

But generally Dreamhost does a great job of keeping me informed, and you do a wonderful job with security, so I shouldn’t have been so worried. Chalk that one up to a bad experience with a former, inferior host.

Next time I’ll be more trusting of Dreamhost.