The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHPBB Alert!

Discussion in 'General Discussion' started by easyhoster1, Feb 6, 2005.

  1. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Looks like another hole in phpBB is in the works and phpbb.com has been taken offline from hackers. :mad:

    http://phpbb.sourceforge.net/

    Nick and company, should keep an eye on this.
    ;)
     
  2. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    awstats is vulnerable. update to latest current.
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Please read entire pages before screaming "The Sky is falling". As it states on the phpbb.com site
    Just because they were one of the victims does mean it was an issue with their software, Also as noted on the site by
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider

    Where did you get the awstats thought from? No where does it say that was the common application.

    Nor does it say it had anything to do with cPanel.
     
  5. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    #5 djmerlyn, Feb 9, 2005
    Last edited: Feb 9, 2005
  6. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16

    the same link :

    and if you check cpanel change log (10.0.0 (build 45) - EDGE Tree Wed Jan 26 14:19:07 2005 ):

    :)
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    See. They updated it after I posted. :D
     
  8. cyanide

    cyanide Well-Known Member

    Joined:
    Aug 11, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Toronto, Canada
    anyone know if this has been fixed in current or release ?
     
  9. joun_mp

    joun_mp Registered

    Joined:
    Feb 10, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    No, they hasn't been uptated. Could someone from cpanel please have a look and update the CURRENT to awstats 6.3 ASAP!!!
     
  10. picoyak

    picoyak Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Well, I checked my awstats.pl against the notes here and the fix seems to be implemented.

    I'm currently running 10/C48

    Unless there's some other areas to patch besides /usr/local/cpanel/base/awstats.pl and
    /usr/local/cpanel/3rdparty/bin/awstats.pl ?
     
  11. cyanide

    cyanide Well-Known Member

    Joined:
    Aug 11, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Toronto, Canada
    Really ? I just upgraded to 10.0.0-CURRENT 52 and Awstats still says 6.2 (build 1.783)
     
  12. picoyak

    picoyak Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Yep. Regardless, the fix seems to be implemented.

    But, awstats.pl is friggin huge. So any more informed feedback is welcome. Anywhere else to look? Or more precise details about which parts of the script? I was focussing on line 5343 in mine.
     
  13. AQHost

    AQHost Active Member

    Joined:
    Apr 14, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    6
    The advisory you're looking at there is for a different, older vulnerability (the so-called configdir vulnerability). The latest AWStats vulnerability is a different beast.
     
  14. picoyak

    picoyak Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for that! :)

    ... off to have another look
     
  15. AQHost

    AQHost Active Member

    Joined:
    Apr 14, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    6
    NP. Until cPanel get us all upgraded to 6.3, the fix posted by jamesbond in this thread seems to work just fine.
     
  16. cyanide

    cyanide Well-Known Member

    Joined:
    Aug 11, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Toronto, Canada
    Ahhh !

    I just ran /scripts/upcp --force and was updated to 10.0.0-C82

    And, yes Awstats is at 6.3 - Thanks cPanel :)
     
Loading...

Share This Page