phpBB Upgrade - Server Wide - WHM Global Upgrade Needed!

peterquast

Member
Apr 19, 2002
15
0
301

Ok, we have hundred accounts on a server, they ALL use phpBB...

The OLD version that they are ALL using is NOT SECURE...

If each client logs into their Control Panel, they will be prompted to CLICK A BUTTON to upgrade...

WHAT we need is a function in WHM to UPGRADE ALL of them with one touch of button PLEASE :)

Otherwise, my server is NOT SECURE until every single client goes and upgrades each board.

HELP!!! :)
 

jester.ro

Well-Known Member
PartnerNOC
Feb 6, 2004
304
0
166
Bucharest, Romania
cPanel Access Level
DataCenter Provider
But there is such a thing.

It's called "addon script manager"
Last link in the left frame of WHM

But you have to have a new version of cpanel/WHM
Latest STABLE has it
 

easyhoster1

Well-Known Member
Sep 25, 2003
656
0
166
jester.ro said:
But there is such a thing.

It's called "addon script manager"
Last link in the left frame of WHM

But you have to have a new version of cpanel/WHM
Latest STABLE has it
Still 404 on FREEBSD users??
 

peterquast

Member
Apr 19, 2002
15
0
301
I don't see it :)

Here is what I am using, and I don't see that link? :)

WHM 9.9.8 cPanel 9.9.8-E142
RedHat 9 i686 - WHM X v3.1.
 

peterquast

Member
Apr 19, 2002
15
0
301
sorry, ignore :)

Sorry, ignore me :)

Thanks for the heads up on that function... I really appreciate it.
 

easyhoster1

Well-Known Member
Sep 25, 2003
656
0
166
peterquast said:
Here is what I am using, and I don't see that link? :)

WHM 9.9.8 cPanel 9.9.8-E142
RedHat 9 i686 - WHM X v3.1.

Did you install the script in addon modules?

Name: addonupdates
Author: cPanel Inc.
Installed Version: 0.2
Version: 0.2
Description: Addon Script Manager/Updater !!BETA!!
Price: free
 

Stobe

Member
Sep 26, 2003
7
0
151
I've got the latest version of cPanel installed, and I used the addon update script. But it only found 2 installations of phpBB (which I know is way off) when I click on "Find Installations".

Any ideas why?

When I log into cpanel on a domain that has a phpbb installed, it will only allow me to "Click here to update to 2.0.8"

??

Thanks,
Stobe
 

haze

Well-Known Member
Dec 21, 2001
1,540
3
318
Not sure why it's not showing any more users if they've installed it via cPanel. But what worries me more is that it says "Click here to upgrade to 2.0.8" when that version is vulnerable. Are you using a 3rd party installer? Or do you have the option to install and keep updated phpBB via "addon scripts" under the cPanel menu heading in WHM? If not, you will need to rely on whatever 3rd party you are using to get the updated scripts and perhaps provide you with a means for mass updating.

Perhaps you might just need a good old /scripts/upcp ?
 

fusioncroc

Well-Known Member
Sep 28, 2004
261
0
166
U.K.
If you're planning on fixing the recent worm exploit, just do the following commands

mkdir phpbb
cd phpbb
pico wormfix.pl
---------------- paste this code --------------------------------
#!/bin/sh
for i in `locate viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
fi
done
----------------------------------------------------------------------
then do perl wormfix.pl

and it will fix the exploit that makes the worm work
also if you upgrade to php 4.3.10 and have wget chmod'ed to 750 and run mod security
then you will have an extra layer of security

btw I've run this script on 5 servers and another host has used the script to fix 15 servers +
but use it at your own risk
 

cyon

Well-Known Member
PartnerNOC
Jan 15, 2003
314
0
241
Thank you very much!!
I ran it and it seems to work fine.
But if there is a folder name with whitespace in it, this error occurs:

grep: /home/username/public_html/folderwith: No such file or directory
grep: whitespace/board/viewtopic.php: No such file or directory
 

haze

Well-Known Member
Dec 21, 2001
1,540
3
318
Hrm.. I'm not much of a programmer (not at all actually)

But, and I can't guarantee this won't do something evil or if it will work at all, however the $i in:
Code:
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
You might be able to wrap it in ""'s so it looks like:
Code:
/usr/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- "$i"
Darn those windows ppl and their white spaces!! :D
 

dezignguy

Well-Known Member
Sep 26, 2004
533
0
166
FYI, that wasn't the only vulnerability fixed in phpBB 2.0.11, so while your fix might fix this worm going around now... your phpBB installs will still be vulnerable to several other possible exploits. phpBB says it's highly recommended to just update completely to 2.0.11.
 

Dillard

Well-Known Member
Feb 26, 2003
114
0
166
The Netherlands
dezignguy said:
FYI, that wasn't the only vulnerability fixed in phpBB 2.0.11, so while your fix might fix this worm going around now... your phpBB installs will still be vulnerable to several other possible exploits. phpBB says it's highly recommended to just update completely to 2.0.11.
We know, but since the update script doesn't work and I have tens of installations on some servers this is a nice shortcut to disable the worm.

BTW. For FreeBSD I modified the script to this:

Code:
schubert# cat wormfix.pl
#!/bin/sh
for i in `find /home -name viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/usr/local/bin/replace 'trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));' 'trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));' -- $i
fi
done
 

premsai

Member
Oct 21, 2003
12
0
151
india
Hi fusioncroc, thank you for the script... but it seems to have some issues with escape characters. I have made the necessary modifications.

You may try this..
++++++++++++
#!/bin/sh
for i in `locate viewtopic.php`
do
if grep "htmlspecialchars(urldecode" $i > /dev/null; then
echo $i >> vulnerable_phpbbs
/bin/cp -p $i $i.bak.dec-`date +%d`
replace "trim(htmlspecialchars(urldecode(\$HTTP_GET_VARS\['highlight'\]))));" "trim(htmlspecialchars(\$HTTP_GET_VARS['highlight'])));" -- $i
fi
rm -f /tmp/*bot* /tmp/*ssh* /tmp/*wow* /tmp/*.txt*

##Changing the permissions of /usr/bin/wget. This may block fantastico upgrades.
chmod 700 /usr/bin/wget
done
++++++++++++
:) N'joy
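
The scan-and-patch approach from the scripts in this thread, written so that paths containing whitespace stay in one piece (added example, not code from any poster; the function names `scan_phpbb` and `patch_phpbb` are hypothetical, and `sed` is used here in place of the `replace` utility):

```shell
#!/bin/sh
# Added example (not code from any post in this thread).
# Function names are hypothetical; sed stands in for the replace utility.

PATTERN='htmlspecialchars(urldecode('

# List every viewtopic.php under directory $1 that still contains the
# urldecode() call. find hands each path to grep as a single argument,
# so directory names containing spaces are never split.
scan_phpbb() {
    find "$1" -type f -name viewtopic.php -exec grep -lF -- "$PATTERN" {} +
}

# Keep a copy of file $1 as $1.bak, then rewrite the highlight line so
# $HTTP_GET_VARS['highlight'] is passed to htmlspecialchars() directly.
# The "." in the sed pattern matches the single quotes around highlight.
patch_phpbb() {
    f=$1
    cp -p -- "$f" "$f.bak" || return 1
    sed 's/htmlspecialchars(urldecode(\(\$HTTP_GET_VARS\[.highlight.]\)))/htmlspecialchars(\1)/' \
        "$f.bak" > "$f"
}

# Stand-alone use: sh wormfix-safe.sh /home
if [ "$#" -gt 0 ]; then
    scan_phpbb "$1" | while IFS= read -r file; do
        printf '%s\n' "$file" >> vulnerable_phpbbs
        patch_phpbb "$file" && printf 'patched: %s\n' "$file"
    done
fi
```

Files that no longer contain the `urldecode(` call are never listed by `scan_phpbb`, so running it a second time leaves already patched boards untouched.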
 

kosmo

Well-Known Member
Verified Vendor
Aug 12, 2001
400
0
316
All over Europe
premsai said:
##Changing the permissions of /usr/bin/wget. This may block fantastico upgrades.
chmod 700 /usr/bin/wget
premsai,

Since Fantastico De Luxe 2.8.2 r7, you can use a renamed version of wget for Fantastico. If you have an older version: chmod "wget" back to 755 and update Fantastico. Then:

whereis wget
## (usually /usr/bin/wget)
cp /usr/bin/wget /usr/bin/something_long_and_strange_enough_here
chmod 700 /usr/bin/wget
chmod 755 /usr/bin/something_long_and_strange_enough_here

Now go to Fantastico admin -> Settings and enter the full path to the renamed wget, i.e.: /usr/bin/something_long_and_strange_enough_here

Use something like "o41jprw86gq00cm1" for "something_long_and_strange_enough_here" (and DON'T USE THE EXAMPLES!!!)

We have seen an increase of attacks of every possible form using "wget"; the above is highly recommended in order to make your server more secure.

kosmo
 

zye

Well-Known Member
Dec 6, 2002
123
4
168
thx premsai for the script - worked like a charm

I had 2 servers compromised :-(((

now everything is back to normal

greetz
zye
 

timdorr

Well-Known Member
PartnerNOC
Jul 9, 2002
93
0
156
Atlanta, GA
I highly suggest blocking outgoing IRC connections. You can add it to an iptables firewall with this command:

iptables -A OUTPUT -p TCP -s 0/0 --destination-port 6667 -j REJECT

Port 6665 is also popular, so I would add an additional rule for that, as well.