There's a nasty worm floating around that targets and defaces phpBB forums. It uses google to find phpBB forums then it deletes all the php and html pages and replaces them with some cyber-ghetto grafitti. It does not harm forum users, just the bulliten board itself. Well of course, I maintain a phpBB site. The flaw is in PHP and not the forum script. The cure is to upgrade to the most recent version of PHP which is 4.3.10 I've already got the tarball file, but my unix skills are rusty, and pretty weak in the first place.

Here's the question:

Since my site already had php 4.1.3 installed, do I have to get rid of this before installing the new version? If yes, then how?


I am kinda hopeing that I can just gunzip the file into the existing PHP directory, do a MAKE, reboot, and be done with it. My life could never be this simple.

Any insight would be greatly appreciated. Explain it as you would to a child. I really don't wanna blow up that site.


Thank You,

-Richard

How you can update your PHP depends on how it was installed in the first place. Did it come from a binary package or the ports collection or did you just download a tarball and built it from there?

I just downloaded a tarball and built it from there.

Apparently the worm lives in a file called "m1ho2of". Getting rid of that would get rid of the worm too I suppose. Doesn't seem to be much info about disinfection tactics on the net yet.

It seems that you do not have to upgrade PHP to get around the worm: http://www.phpbb.com/phpBB/viewtopic.php?t=240513

Of course, it would be very silly to run a server with unpatched software.

This is a rough course of upgrading for you.. I haven't played with the Free flavour of BSD in some time so I improvise..

If you have customised the PHP configuration files then make a backup copy of them.

If you have the old tarball, unpack it and try to do a "make deinstall" or "make uninstall" or something similar. If such a thing is supported of course (so many people don't bother to put uninstall features in their sources ). Check if the configuration files are still there.

Get the new version from where you got the old one. Unpack, "./configure" and "make" (or do something more silly as described in README or INSTALL file). You may get loads of dependency errors and you may break any existing PHP modules you have installed, so be prepared for a rough ride.

Depending on where you got the thing from it may support "make reinstall". If not, do "make install". Check that your configuration files were upgraded or left intact. If not, modify the new ones.

I am getting ready for a rough ride. I do have the old tarball and i didn't see anything about uninstalling. Both versions came straight from php dot net and they don't have a tutorial on upgrading, just installing. I need to get a big ol cup of coffee and perhaps a Guinness or 2 and sit down for a long read.

I think my best course of action is to build a freeBSD machine at home that mocks the existing site, then upgrade it's php version. I've got a spare computer laying around and if I blow it up, it won't get me a pile of angry eMails for Christmas.

As for the worm itself, my site doesn't have it, and google blocked the search so it might not be in imenent danger, but as you pointed out, running a site with unpatched software is begging for trouble.

I'll check back in for hopefully more suggestions and ultimately I'll post the results of my experiment.

Many thanks!
-Richard

The uninstall thing is not critical really. It is just to prevent any obsolete files from the old version to remain in the system. It is not a big problem usually though.

I suggest you just build the new version and make (re)install. The test machine is a very good idea. It would be better if more people bothered with such a "waste of time" (including me )