phpBB Upgrade - Server Wide - WHM Global Upgrade Needed!

peterquast

Member
Apr 19, 2002
15
0
301
phpBB Upgrade - Server Wide - WHM Global Upgrade Needed!

Ok, we have hundred accounts on a server, they ALL use phpBB...

The OLD version that they are ALL using is NOT SECURE...

If each client logs into their Control Panel, they will be prompted to CLICK A BUTTON to upgrade...

WHAT we need is a function in WHM to UPGRADE ALL of them with one touch of button PLEASE :)

Otherwise, my server is NOT SECURE until every single client goes and upgrades each board.

HELP!!! :)
 

jester.ro

Well-Known Member
PartnerNOC
Feb 6, 2004
303
0
166
Bucharest, Romania
cPanel Access Level
DataCenter Provider
But there is such a thing.

It's called "addon script manager"
Last link in the left frame of WHM

But you have to have a new version of cpanel/WHM
Latest STABLE has it
 

easyhoster1

Well-Known Member
Sep 25, 2003
656
0
166
jester.ro said:
But there is such a thing.

It's called "addon script manager"
Last link in the left frame of WHM

But you have to have a new version of cpanel/WHM
Latest STABLE has it
Still 404 on FREEBSD users??
 

peterquast

Member
Apr 19, 2002
15
0
301
i dont see it :)

Here is what i am using, and i dont see that link ? :)

WHM 9.9.8 cPanel 9.9.8-E142
RedHat 9 i686 - WHM X v3.1.
 

peterquast

Member
Apr 19, 2002
15
0
301
sorry, ignore :)

Sorry, ignore me :)

Thanks for the heads up on that function... i really appreciate it.
 

easyhoster1

Well-Known Member
Sep 25, 2003
656
0
166
peterquast said:
Here is what i am using, and i dont see that link ? :)

WHM 9.9.8 cPanel 9.9.8-E142
RedHat 9 i686 - WHM X v3.1.

Did you install the script in addon moduels?

Name: addonupdates
Author: cPanel Inc.
Installed Version: 0.2
Version: 0.2
Description: Addon Script Manager/Updater !!BETA!!
Price: free
 

Stobe

Member
Sep 26, 2003
7
0
151
I've got the latest version of Cpanel installed, and I used the addon update script. But it only found 2 installations of phpbb (which I know is way off) when I click on f"Find Installations".

Any ideas why?

When I log into cpanel on a domain that has a phpbb installed, it will only allow me to "Click here to update to 2.0.8"

??

Thanks,
Stobe
 

haze

Well-Known Member
Dec 21, 2001
1,544
3
318
Not sure why its not showing any more users if they've installed it via cpanel. But what worries me more is that it says "Click here to upgrade to 2.0.8" when that version is vulnerable. Are you using a 3rd party installer ? Or do you have the option to install and keep updated phpBB via "addon scripts" under the cpanel menu heading in WHM ? If not, you will need to rely on whatever 3rd party you are using to get the updated scripts and perhaps provide you with a means for mass updating.

Perhaps you might just need a good old /scripts/upcp ?
 

fusioncroc

Well-Known Member
Sep 28, 2004
261
0
166
U.K.
if your planning on fixing the recent worm exploit just do the following commands

mkdir phpbb
cd phpbb
pico wormfix.pl
---------------- paste this code --------------------------------
#!/bin/sh
for i in `locate viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
fi
done
----------------------------------------------------------------------
then do perl wormfix.pl

and it will fix the exploit that makes the worm work
also if you upgrade to php 4.3.10 and have wget chmod'ed to 750 and run mod security
then you will have a extra layer of security

btw i've ran this script on 5 servers and another host has used the script to fix 15 servers +
but use it at your own risk
 

cyon

Well-Known Member
PartnerNOC
Jan 15, 2003
314
0
241
Thank you very much!!
I run it and it seems to work fine.
But if there is a foldername with a whitespace in it this error occurs:

grep: /home/username/public_html/folderwith: No such file or directory
grep: whitespace/board/viewtopic.php: No such file or directory
 
Last edited:

haze

Well-Known Member
Dec 21, 2001
1,544
3
318
Hrm.. im not much of a programmer ( not at all actually )

But, and i can't guarantee this won't do something evil or if it will work at all, however the $i in:
Code:
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
You might be able to rap it in ""'s so it looks like:
Code:
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- "$i"
Darn those windows ppl and their white spaces!! :D
 

dezignguy

Well-Known Member
Sep 26, 2004
533
0
166
FYI, That wasn't the only vulnerability fixed in phpbb 2.0.11, so while your fix might fix this worm going around now... your phpbb installs will still be vulnerable to several other possible exploits. Phpbb says it's highly recommended to just update completely to 2.0.11.
 

Dillard

Well-Known Member
Feb 26, 2003
114
0
166
The Netherlands
dezignguy said:
FYI, That wasn't the only vulnerability fixed in phpbb 2.0.11, so while your fix might fix this worm going around now... your phpbb installs will still be vulnerable to several other possible exploits. Phpbb says it's highly recommended to just update completely to 2.0.11.
We know, but since the update script doesn't work and I have tens of installations on some servers this is a nice shortcut to disable the worm.

BTW. For FreeBSD I modified the script to this:

Code:
schubert# cat wormfix.pl
#!/bin/sh
for i in `find /home -name viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/usr/local/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
fi
done
 

premsai

Member
Oct 21, 2003
12
0
151
india
Hi fusioncroc, thank you for the script .. but it seems to have some issues with escape characters. I have made neccessory modifications.

U may try this..
++++++++++++
#!/bin/sh
for i in `locate viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/bin/cp -p $i $i.bak.dec-`date +%d`
replace "trim(htmlspecialchars(urldecode(\$HTTP_GET_VARS\['highlight'\]))));" "trim(htmlspecialchars(\$HTTP_GET_VARS['highlight'])));" -- $i
fi
rm -f /tmp/*bot* /tmp/*ssh* /tmp/*wow* /tmp/*.txt*

##Changing the permissions of /usr/bin/wget. This may block fantastico upgrades.
chmod 700 /usr/bin/wget
done
++++++++++++
:) N'joy
 

kosmo

Well-Known Member
Verifed Vendor
Aug 12, 2001
401
0
316
All over Europe
premsai said:
##Changing the permissions of /usr/bin/wget. This may block fantastico upgrades.
chmod 700 /usr/bin/wget
premsai,

since Fantastico De Luxe 2.8.2 r7, you can use a renamed version of wget for Fantastico. If you have an older version: chmod "wget" back to 755 and update Fantastico. Then:

whereis wget
## (usually /usr/bin/wget)
cp /usr/bin/wget /usr/bin/something_long_and_strange_enough_here
chmod 700 /usr/bin/wget
chmod 755 /usr/bin/something_long_and_strange_enough_here

Now go to Fantastico admin -> Settings and enter the full path to the renamed wget, i.e.: /usr/bin/something_long_and_strange_enough_here

use something like "o41jprw86gq00cm1" for "something_long_and_strange_enough_here" (and DON'T USE THE EXAMPLES!!!)

We have seen an increase of attacks of every possible form using "wget", the above is highly recommended in order to make your server more secure.

kosmo
 

zye

Well-Known Member
Dec 6, 2002
122
4
168
thx premsai for the script - woked like a charm

i had 2 server compromised :-(((

now everything is back to naormal

greetz
zye
 

timdorr

Well-Known Member
PartnerNOC
Jul 9, 2002
93
0
156
Atlanta, GA
I highly suggest blocking outgoing IRC connections. You can add it to an iptables firewall with this command:

iptables -A OUTPUT -p TCP -s 0/0 --destination-port 6667 -j REJECT

Port 6665 is also popular, so I would add an additional rule for that, as well.