Matt Readhttp://www.mattread.com/archives/2004/12/this-site-is-defaced/2007-04-06T14:58:21-04:002013-03-08T22:59:26-05:002004-12-22T10:49:43-05:00<p>Looks like a lot of sites running phpBB 2.x have been getting hit by the Perl.Santy worm. <a href="http://securityresponse.symantec.com/avcenter/venc/data/perl.santy.html">Symantec Security Response</a> says, <q cite="http://securityresponse.symantec.com/avcenter/venc/data/perl.santy.html">Perl.Santy is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x...</q> .</p> <p>So, if like <a href="http://a.trendyname.org/">cLin</a>, your running phpBB you should really check the <a href="http://www.phpbb.com/">phpBB site</a> to see what measures need to be taken. <!--more--></p> <p>The worm, deletes certain types of files, including <code>.asp .jsp .php</code>, and puts the following on the site that was compromised:</p> <div style="background: #000; padding: 10px; margin: 20px 0;"><h1 style="color: red;">This site is defaced!!!</h1><hr /><p style="color: red;">NeverEverNoSanity WebWorm generation 11.</p></div>