Insecure phpBB scripts wreak havoc on the servers I administer, allowing users to upload malicious scripts and in general cause trouble. I am currently working to implement a solution for keeping all phpBB installations on a webserver up to date, in order to prevent attacks.
I have written a Python script that finds all old viewtopic.php scripts so far. More will come soon.
I just wanted to post my progress here for two reasons:
1) Share something that might be useful to others
2) Find out if I'm reinventing the wheel
I intend to find a way to automatically update each old script encountered using the patch method; however, some installations are almost certainly further back than 1 version.
Any comments, suggestions, whatever are appreciated.
Code:
# phpBBscan.py: looks for old phpBB installations
# author: [email protected]
# this is public domain - do whatever you want with it
import os
import pwd
import re

# 2.0.15
latest_phpbb = re.compile(rb"Id.*1\.186\.2\.41")
# 2.0.14
# latest_phpbb = re.compile(rb"Id.*1\.186\.2\.40")

# get the list of viewtopic.phps (read in full before dropping privileges)
filenames = os.popen("slocate viewtopic.php").read().splitlines()

# look up nobody by name; grepping /etc/passwd can match more than one line
nobody = pwd.getpwnam("nobody")
os.setgroups([])          # drop the supplementary groups inherited from root
os.setgid(nobody.pw_gid)  # need to be nobody group too
os.setuid(nobody.pw_uid)  # we are now nobody

for filename in filenames:
    parentdir = os.path.dirname(filename)
    print("Found possible phpBB install at", repr(filename) + ", checking if accessible...", end=" ")
    if not os.access(parentdir, os.X_OK):  # we can't get to the parent directory
        print("parent directory not accessible.")
    elif not os.access(filename, os.R_OK):
        print("file not accessible.")
    else:
        print("accessible; checking for latest version...", end=" ")
        # search the file in Python instead of pasting the filename into a
        # shell command line, where spaces or metacharacters would be interpreted
        with open(filename, "rb") as f:
            found = latest_phpbb.search(f.read())
        if not found:  # we didn't find the correct version
            print("INSECURE!")
        else:
            print("latest version")
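
Added example, not part of the original post: the script's pattern recognizes one exact revision, so a file at any other revision, including a later one, is reported as INSECURE. The sketch below parses the CVS `$Id$` revision and compares it numerically with the 2.0.15 revision from the script; the function names are hypothetical, the sample headers are constructed, and the revision gap counts CVS revisions, not phpBB releases.

```python
import re

# Revision field of a CVS $Id$ keyword for viewtopic.php.
ID_RE = re.compile(rb"\$Id: viewtopic\.php,v (\d+(?:\.\d+)+) ")

# Revision the original script treats as current (2.0.15).
LATEST = (1, 186, 2, 41)

# Constructed sample headers (date and author fields are made up).
SAMPLE_OLD = b" *   $Id: viewtopic.php,v 1.186.2.40 2005/01/01 00:00:00 example Exp $"
SAMPLE_CUR = b" *   $Id: viewtopic.php,v 1.186.2.41 2005/01/01 00:00:00 example Exp $"
SAMPLE_NEW = b" *   $Id: viewtopic.php,v 1.186.2.43 2005/01/01 00:00:00 example Exp $"


def parse_revision(data):
    """Return the revision as a tuple of ints, or None if no $Id$ keyword is found."""
    m = ID_RE.search(data)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).split(b"."))


def classify(data, latest=LATEST):
    """Return (status, revisions_behind) for the contents of a viewtopic.php file.

    status is "outdated", "current", "newer" or "unknown". Revisions are only
    compared when they sit on the same CVS branch (same prefix), because the
    last component is meaningless across branches.
    """
    rev = parse_revision(data)
    if rev is None or rev[:-1] != latest[:-1]:
        return ("unknown", None)
    if rev < latest:
        return ("outdated", latest[-1] - rev[-1])
    if rev == latest:
        return ("current", 0)
    return ("newer", 0)


if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_CUR, SAMPLE_NEW, b"<?php echo 1; ?>"):
        print(parse_revision(sample), classify(sample))
```

An "unknown" result covers both a stripped header and a file from another branch, so it should be reviewed by hand rather than treated as safe.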