♥Vger Posted December 24, 2004
As some, or perhaps many, of you will know, there is now a php worm doing the rounds. All versions of php up to and including 4.3.9 are vulnerable to this worm, and many sites are now getting trashed on unpatched servers. To find out which version of php your site is running on, go to your osCommerce control panel, click on Tools, and then select Server Info. The PHP version should be right there at the top in large letters. If it is 4.3.9 or less then start harassing your hosting company to upgrade their servers immediately - to either 4.3.10 or php5+ (in this case it will require the php5 fix for your 'admin' to work). Hope this helps.
Vger
♥Vger Posted December 24, 2004
P.S. If your server is not running on a safe version of PHP then take the time now to download a complete backup of your website and your database. You may need to restore it later!
Vger
Guest Posted December 26, 2004
Hi Rhea, thanks, but it looks like it's too late for me :( ( http://www.oscommerce.com/forums/index.php?sho...44entry511644 ) Will ask my host to update to PHP4.3.10 asap, and hope it helps.
Guest Posted December 26, 2004
> P.S. If your server is not running on a safe version of PHP then take the time now to download a complete backup of your website and your database. You may need to restore it later! Vger
Hi! I checked mine and the PHP version is 4.3.10 so....guess I'm alright. I just wanted to comment that my web hosting service sent out an e-mail about this bug....but the impression they left on me is that the bug is confined to something called PHP BB or something like that. In other words, it's only affecting those that have installed some kind of message-board application in their website.
My webhost did 'something' to their server in recent days after this bug started making the rounds, and now when I go into my Admin page....it's showing that I'm 'protected by an unknown secure SSL connection'. That wasn't the case until they tinkered with their server. Any thoughts on what that means? Sorry if my question is dumb, but.....I'm hoping this 'unknown SSL connection' isn't going to wreak havoc with my shopping cart or checkout or Lord knows what. There's just way too many posts on this board concerning websites having problems with SSL, so now I'm a bit nervous.
Andrea
♥Vger Posted December 26, 2004
> but the impression they left on me is that the bug is confined to something called PHP BB or something like that
Not so. There was a problem with phpBB which allowed people to exploit it, and this was fixed by updating to a patched version of phpBB. However, within days there was a new exploit, a php worm (the first of its kind), which allowed hackers to inject text into any web page on any type of server with PHP installed (Windows, Linux, Unix, BSD etc). The text could be used to deface any type of page (ASP, PHP, HTML etc). The only solution was to upgrade the version of PHP being used on the server.
If your hosting company has gone the extra mile and placed your osCommerce 'admin' control panel under their shared ssl cert. then so much the better. It makes your website a whole lot safer, and you should thank them for doing it. Not many hosts would go that extra mile for their customers. By the way, when your osCommerce 'admin' is protected by an ssl connection (whether shared or full) it always says it's an 'unknown' ssl connection - so nothing to worry about there.
Vger
♥Vger Posted December 26, 2004
Yes, took a look at that post, and it wasn't the osCommerce script that caused the problem. It's not the 'Santy' php worm either, but it's the forerunner of it, and has been named Phpinclude.worm or Pyki.a worm. Provided that your 'admin' is locked down by password protection and behind an ssl, and your php version is updated you SHOULD be safe from it.
Vger
> Hi Rhea, thanks, but it looks like it's too late for me :( ( http://www.oscommerce.com/forums/index.php?sho...44entry511644 ) Will ask my host to update to PHP4.3.10 asap, and hope it helps.
Guest Posted December 26, 2004
Thanks Rhea! I guess my host was wrong then. I will try to convince them to upgrade PHP
♥Vger Posted December 26, 2004
Whether or not your site was hit by the 'PHP Worm' or not is besides the point really. Until your host does upgrade their version of PHP to either 4.3.10 or 5+ your site remains vulnerable to it. All hosting companies must upgrade their versions of PHP, else all of their customer websites are open to hacking. Any hosting company which hasn't upgraded already or is actively working on it right now is putting all of their customers at risk. This PHP Worm problem is not going to go away. It is getting worse by the day.
Click on any link on this site (http://dynamic3.gamespy.com/~fifa/?id=sitenews) and see what it says. It's been like this for days now. BTW I have absolutely no interest in football, just saw this referenced as one of the many sites hit.
Vger
♥Vger Posted December 26, 2004
P.S. A serious bug was discovered in php in function unserialize(). That bug can be used to cause serious damage to websites that use software that uses that function.
Vger
Guest Posted December 26, 2004
> Whether or not your site was hit by the 'PHP Worm' or not is besides the point really. Until your host does upgrade their version of PHP to either 4.3.10 or 5+ your site remains vulnerable to it. All hosting companies must upgrade their versions of PHP, else all of their customer websites are open to hacking. Any hosting company which hasn't upgraded already or is actively working on it right now is putting all of their customers at risk. This PHP Worm problem is not going to go away. It is getting worse by the day.
thanks again (nice quote to mail to the host :) )
> Click on any link on this site (http://dynamic3.gamespy.com/~fifa/?id=sitenews) and see what it says. It's been like this for days now.
the "defaced" text is still there, but they do seem to have PHP/4.3.10 installed now
> BTW I have absolutely no interest in football
:D same here
Guest Posted December 27, 2004
Thank You for answering my question. I spent all of Christmas Eve and Christmas Day trying to figure out why my website was not appearing as it should. The one and only thing I found...in my Admin page...that set off alarms for me, was seeing that I went from NOT using SSL to all of a sudden being protected by SSL. I wrote my webhost on Christmas Day, and they fixed the problem within minutes. Something was wrong with a config file. I assume it has something to do with enabling that SSL protection on their end. They fixed it immediately and notified me they had done so within a few minutes' time, at most. However, even after they did the fix, I still see that I'm protected by an unknown SSL connection, so....that's why I was nervous about it; nervous enough to write and inquire. So....Thank You for answering my question and making me feel better. I do appreciate it. Happy Holidays!
Andrea