Phpbb include vulnerability scanning
Incidents.org is reporting scanning for phpbb include vulnerabilities through Google. Apparently there is an IRC botnet being “cultivated”. They are scanning for versions of phpBB prior to 2.0.10, the current release is 2.0.18.
The new IRC bot scans for vulnerable systems using Google, when successful it announces that “oopz and sirh0t and Aleks g0t pwned u!”, and has UDP flooding and UDP/ICMP/TCP scanning capabilities.
The file phpbb_patch was found on exploited systems.
Also from incidents.org …
Please update your files now. Phpbb forum support guru “Techie-Micheal” points out that “running update_to_latest.php on their install only updates the database (and is clearly stated in the documentation), files need to be updated seperately for which there are several methods”.