Using phpBB? Server-level defense against Santy.A worm

         

benevolent001

7:21 am on Dec 23, 2004 (gmt 0)




I found this on the phpBB website; they say to add the following to your .htaccess file if you are running Apache.

This is something against the Santy.A worm.

RewriteEngine On 
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527
RewriteRule ^.*$ - [F,L]

Just copy those and put them in a file called .htaccess on your website; it's in the root folder. It only works if the server your site is on is running Apache. Even if it is, there's no guarantee it will work. The server your board is on must be able to support rewrite conditions. There's no way to find out other than doing what has been said in this topic. If the server doesn't support them, you'll get an error message when you go to view your site.

Good Luck

Joe Belmaati

7:27 am on Dec 23, 2004 (gmt 0)




It should be noted that people on shared hosting will need to ask their host to put this piece of rewrite code in their httpd.conf file. If someone else on the server has a vulnerable installation of phpbb running, no one on the server is safe...

eaden

10:54 pm on Dec 24, 2004 (gmt 0)




That won't work if you change highlight to hig%33light or something.

Here is what I did - simply to reduce load and sessions (which can fill up the session table)

Add this to the very top of viewtopic.php just after the <?php :

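// Stop early on a double-encoded quote (%2527) anywhere in the query string.
// $_SERVER is used because $QUERY_STRING is only set when register_globals is on.
if (isset($_SERVER['QUERY_STRING']) && stristr($_SERVER['QUERY_STRING'], '%2527') !== false) {
    die();
}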
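Added example (not part of the thread and not phpBB's own code): a log check that shows why the literal RewriteCond above can miss a request while the application still sees a highlight parameter, by decoding parameter names before testing them. The log lines, addresses and the function names are constructed for illustration; the assumption is that the application URL-decodes parameter names once, as PHP does.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines for illustration (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Dec/2004:07:30:01 +0000] "GET /viewtopic.php?t=12&highlight=%2527 HTTP/1.0" 403 210',
    '192.0.2.11 - - [24/Dec/2004:22:50:13 +0000] "GET /viewtopic.php?t=12&%68ighlight=%2527 HTTP/1.0" 200 5120',
    '192.0.2.12 - - [24/Dec/2004:22:51:40 +0000] "GET /viewtopic.php?t=12&highlight=apache HTTP/1.0" 200 4876',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def literal_rule_matches(query):
    """Same test as the thread's RewriteCond: a literal match on the raw query string."""
    return re.search(r'^(.*)highlight=%2527', query) is not None


def normalized_match(query):
    """Decode each parameter name once (assumed application behaviour), then
    look for a value that still holds an encoded quote (%27) after one decode."""
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        if unquote_plus(name) == 'highlight' and '%27' in unquote_plus(value):
            return True
    return False


def scan(lines):
    """Return (request, caught_by_literal_rule) for every flagged request."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = m.group(1).partition('?')[2]
        if normalized_match(query):
            flagged.append((m.group(1), literal_rule_matches(query)))
    return flagged


if __name__ == '__main__':
    for request, caught in scan(SAMPLE_LOG):
        print(('caught by rule  ' if caught else 'MISSED by rule  ') + request)
```

Requests flagged here but marked as missed by the rule are the ones to review in existing logs, since the rewrite rule would have let them through to viewtopic.php.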