Oh crap 😒
Lamers. Yes I see that page too.

Damn. Nuts.

I thought it only affected sites running phpBB, but it turns out it's also a problem for unpatched versions of PHP. See here:

http://it.slashdot.org/it/04/12/21/2135235.sh … tid=217&tid=169

and here:

http://securityresponse.symantec.com/avcenter … perl.santy.html

Paul, I hope you keep a local backup... 🙁

Gambit37 wrote:

Paul, I hope you keep a local backup... 🙁

I think he does. The backup even comes with the software (when you download Glidos you also download it's website)

Did anybody hear from Paul?

Paul, I haven't had time to look into this, but I understand you have to upgrade to phpBB version 2.0.11. Does anybody know if this is correct? Will this do the trick? I think they've also used an exploit in PHP itself, so maybe PHP must also be updated to the newest version? Probably wise to do both, anyway...

Paul did you lose any stuff? Just let us know if there's anything we can help you with!

Funnily enough the unlock service can still be reached by going to http://unlock.glidos.net/unlock.php. Lucky for me, as I needed a couple of new unlock codes. I don't know, it might prove useful to others as well.

Aldo Bleeker

See the Slashdot conversation link I posted above for more info and speculation.

Paul doesn't use phpBB on his site, so it must be the PHP vulnerability.

Slashdot: 503 Service Unavailable
*gasp* Was Kapersky right? Are we in the midst of a cyberterrorist attack?! I NEED MY SLASHDOT AAAAAHHHHHHHHH~!!!!#!$%!#$

Take a deep breath, Snover! Calm down! I had no problem getting to Slashdot just minutes ago. I think the're experiencing some problems, but when you wait, you probably will get through. (Maybe Slashdot has been slashdotted?)

Somehow I'm reminded of a scene in one of the Airplane movies, where the crew is explaining to the passengers they're experiencing a number of problems, and even malfunctions. Luckily the passengers take all this extremely well. They then conclude their announcement with the offhand remark that unfortunately there will be no coffee available during the trip, and panic ensues!

If the host isn't properly locked down, ALL virtual hosted sites on a server are defaced, not just the ones owned by the original user.

It was bloody portland.co.uk, where I host most of the site. They keep getting hacked. http://unlock.glidos.net, served from my machine was fine.