Latest Update:
NewBB is not the problem. My hosting service got back to me again and explained that I was not the source. They are now working on restoring my website with their Dec. 17th backup. Great web hosting service. Any problems I have had have been responded to/fixed within minutes. :)

Thanks again to all those who helped me understand what was happening.

Waterkid
Xoops Rookie :)


My website was infected by the "NeverEverNoSanity WebWorm generation 8." worm. Does anyone know where there might be a weak point in xoops?

Website:http://waterkid.net

Update:
I received the following message from my hosting service:
"Hello,

There is a worm that exploits PHPBB forums and injects a Perl script that will traverse the server, looking for worldwritable files. The script will also search google for other phpBB forums and try to infect them as well.

The overwritten files were all with 666 or 777 permissions (worldwritable) and thus were overwritten.

You need not use 777 or 666 permissions on our server anymore. We have started using SuExec on the server, which greatly improves the security and stability. This environment also executes scripts with the user credentials, instead of the Apache ones, so your scripts can access all your files and folders.

We have urgently patched all the faulty customer phpBB boards to stop the worm attacks against our servers already.

We can restore your site from our backups, dated 10 and 17 Dec. Please advise which backup we shall use.

Best Regards,
Support"

I have never used phpBB software. Is it possible that newBB was based on phpBB script making it vulnerable to this worm?

Thanks in advance for your help!

check your accesslog. and trace how the attackers get through your server. ask your administrator. might be a weak in your hosting server. if XOOPS has a hole this is will be hacked also. i believe XOOPS can't be hacked.

SMD

smdcom - thanks for the vote of confidence, but nothing is un-hackable. That said I took a look at the vulnerability in question, and I do not think that newbb is vulnerable to it. I also spent a little bit reading the perl script that is used to exploit this hole. Though I don't speak perl well, if I read the code correctly, once the exploit begins, the worm traverses the directory tree overwriting every PHP, HTML, and ASP script it can get its gruby little paws on. If anything, this might mean that files in your directory were world-writable.

The problem was not XOOPS, but phpBB. Look athttp://www.kaspersky.com/news?id=156681162

I hope the phpBB2>newbb2 converter will be available soon.

Thanks for the reply. Here is my issue:

I have never installed nor used phpBB before. The first time I became familiar with setting a forum on my website was through xoops.

As ackbarr says, this targets phpBB but can then affect other sites on the same server, even if you don't run phpBB. It's nice to see your host has at least responded to the problem. There's some more info here:

http://www.f-secure.com/v-descs/santy_a.shtml
http://www.viruslist.com/en/viruses/encyclopedia?virusid=68388

just a advice. tell your hosting admin to update the anti-virus on thier server. but it's really nice because your host responded to the problem.

SMD

I got the big picture now. Thank you so much to all of you who replied. I have been spending the last hour looking for phpBB files on my account just in case, but now I understand that I am not the cause of the problem...someone else on the same server using phpBB is.

Thanks again for all your help. I greatly appreciate it.

Waterkid