Re: [mod-security-users] Sanity.A - phpbb worm

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thanks for all the good tips so far.  The environments involved are shared
hosting servers and, unfortunately, it seems not everyone got the email :)
We continue to see the sanity worm getting uploaded and are having some
trouble tracking down the culprits, so we're looking to other measures whil=
e
we sort out the real problem.

On 1/31/05 11:25 AM, "Ivan Ristic" <iv...@we...> wrote:

> Michael Hochradel wrote:
>> First off, let me say thanks for making such a great product and
>> maintaining this mailing list so the newbies like me can get some
>> answers on things.  My question, obviously, relates to the sanity worm.
>>  I saw on the main page the post from Dec 22 regarding this rule:
>>=20
>> SecFilterSelective ARG_highlight %27
>>=20
>> I=B9m wondering how effective this is and if there are any new strains I
>> need to be aware of or any other advice from the community about dealing
>> with this worm.
>=20
>    The rule should work for new strains but haven't examined the
>    vulnerability in great detail to determine if there are other ways
>    to break PHPBB. You should upgrade to the latest PHPBB version -
>    that's the best advice anyone can give you.

--Gnomercy
AlphaOmegaHosting.Com, Inc.
Customer Support Supervisor