[LA.pm] udp.pl

Benjamin J. Tilly ben_tilly at operamail.com
Mon Mar 7 15:27:50 PST 2005


"David Crean" <david at manicelement.com> wrote:
> 
> Hey,
> 
> I had sent a message about a perl spike on a cpu.  Apparently, 
> this is due to a worm that takes advantage of a vulnerability in 
> phpbb, attached to a file called udp.pl.  Anyone have any 
> experience with it?

I don't, but if you google for it you'll find out more.

I'd suggest (based on what I found quickly) that you should
upgrade to http://www.phpbb.com/phpBB/viewtopic.php?t=240636.
While doing that, you should also review all other PHP code
that you have.  PHP as a design philosophy has focussed on
convenience more than security, and many PHP programmers
aren't aware of what they are getting wrong.  The result is
that many PHP scripts have quality similar to what people
used to complain about with Perl CGIs back in Matt Wright's
heyday.

Cheers,
Ben

