Santy.E Threatens Even Bigger Network of Sites
December 28th, 2004
Web users are just recovering from the recently discovered Santy worm, which defaced a large number of phpBB-based bulletin boards. It used Google to find new victims and as a result caused a massive level of damage in a short time. Google took some time before they managed to thwart it, and the spread was somewhat limited after a few hours.
However, as happens with most other worms and viruses, variants have started to appear in the wild, and they pose a bigger threat because they have expanded their target systems. Security firms have named the new variant Santy.e and suggest that it targets more than just phpBB forums: it tries to hit any web application written in PHP that allows arbitrary file inclusion into PHP scripts.
This could be prevented if the base code is properly secured, but technically any site running PHP is in danger from this worm. Reports are already coming in from webmasters that their servers are under constant attack. Santy.e also uses Google to find possible victims running PHP sites using the vulnerable functions “include()” and “require().”
In addition, it pulls in Yahoo! and AOL search engine results to avoid being blocked by Google. F-Secure has downplayed this particular virus, claiming that it is under control because the suspects are using a smaller base of computers to attempt these attacks. Nevertheless, alerts like this might result in massive updates to PHP applications that might be affected by these attacks.
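One way to secure the base code against the file-inclusion pattern described above, shown as an added example that is not part of the original article. The page names, the `pages/` directory and the `resolve_page()` helper are hypothetical.

```php
<?php
// Added example; page names and the pages/ directory are hypothetical.

// Vulnerable pattern: the request parameter flows straight into include(),
// so the requester, not the site owner, decides which file PHP loads.
//   include($_GET['page'] . '.php');

// Hardened pattern: the request only selects a key from a fixed allowlist.
// The path handed to include() is built entirely from server-side constants.
const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x), other non-strings and unknown names outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$requested];
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null || !is_file($path)) {
    // Unknown or missing page: fail closed instead of guessing a file name.
    http_response_code(404);
    exit('Not found');
}
include $path;
```

Because user input never becomes part of the path, the `allow_url_fopen` and `allow_url_include` settings in `php.ini` act only as a second layer rather than the sole protection.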

December 29th, 2004 at 12:49 am
To me, it seems very difficult to find php pages using include() or require() via a search engine. Visit the php homepage at http://www.php.net and view the page source. Let me know how many includes() or requires() you find in the source code. PHP code is not “viewable” by a browser. Only the results of the PHP parsing. If the web server is set up correctly, if the programmer uses precautions that have been around since the birth of web programming, finding sites which use the PHP include() and/or the require() functions would be impossible.
Previous versions of “Santy” attacked instances of phpBB that websites deployed. Anyone in the world can download phpBB from the phpBB website. Thus, anyone in the world can view the phpBB source code. Strict review of this source code revealed certain “hacking” opportunities. Hackers then performed searches for any site running a phpBB bulletin board and took advantage of these opportunities. So, it’s not as if these hackers performed an exact search for specific php functions. Basically, they searched for phpBB. This site, for example, appears to be using some version of WordPress. If you performed a search on WordPress, I would think that eventually you would find a link to this site.
There is the possibility to attack a php website without viewing its php source. If a programmer refuses to perform validity checks on user input, then there could be a problem. Certain weblinks or web page forms present this as a problem. Those forms or links which provide a hacker too much information are asking for disaster. The next time you fill out a web form or click on a web link, look for items in the URL such as “?topic=something&&table=articles”. Now you know the processing page is looking for a “topic” and it uses a table named “articles”. Any hacker, no matter their ability, could reproduce this link with certain code functions and could possibly retrieve information not intended for them. In a worst case scenario, they could even destroy the “articles” table. This resembles more of an “injection” attack and not so much a “worm”.
It’s very important to keep your server, software, and programmers updated on security issues and vulnerabilities.
Each of the major web programming languages shares these vulnerabilities. There are similar applications with the other web programming languages which could be reviewed and attacked. I certainly hope these current news items do not prevent anyone from using PHP. As with anything powerful, educate yourself before you use or deploy anything.
August 8th, 2007 at 08:31 pm
Hello! Help solve the problem.
Very often try to enter the forum, but says that the password is not correct.
Regrettably use of remembering. Give like to be?
Thank you!