Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
2 - 1 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: My Xoops site is hacked by exploits which create iframes
by Peekay on 2009/11/13 15:17:57

Just a note. If you do try out the 4G Blacklist and you allow new user registration, you are going to need to comment out:

# RedirectMatch 403 register\.

from the 'Specific Exploits' section.
Re: My Xoops site is hacked by exploits which create iframes
by Peekay on 2009/11/9 16:49:50

It's a good idea to keep user agents that identify themselves as Perl (or pycurl) off your server. Perl has perfectly valid applications, but sadly from our log, 100% of these requests are trying to access forbidden files, or install back doors by targetting files with known vulnerabilities, like the older spaw control class.

The UA can be cloaked, but it's surprising how many leave 'libwww-perl' in the string. We reduced intrusive traffic by thousands of requests simply by adding an htaccess file to the root directory containing:
le="color: #000000"><?php SetEnvIfNoCase user-agent "^.*(libwww-perl|curl|pycurl).*" getout <Limit GET POST> Order Allow,Deny Allow from all Deny from env=getout </Limit>

If your server supports MOD_REWRITE you can alternatively use that method to redirect the request, but the above should work on all Apache servers.

Of course the cloaked requests still get access, so we are currently testing The Perishable Press 4G Blacklist on a few XOOPS sites. This addition to htaccess (or httpd.conf) focuses on blocking illegal character use in the request rather than blocking user agents, which of course can be completely forged.

From the feedback, it appears that the content may need to be adjusted to suit certain applications (some Joomla users have had to remove a few blocked chars) but it looks really worthwhile.

HTH
Re: My Xoops site is hacked by exploits which create iframes
by bjuti on 2009/11/9 10:27:59

One more advice... Always have fresh backup of the site. At least just files, not the base. (but do backup of the base also!)

Almost every hosting have function in CPanel filebrowser to ZIP your entire dir. If it's not an option... copy files via ftp.

And keep it in archive (like zip), it's harder for trojan to add bad <iframes> in it. Then you could just copy your archive content over infected files on server.
Re: My Xoops site is hacked by exploits which create iframes
by shakirataylo on 2009/11/9 6:00:31

This is really helpful for me as I'm also facing the same problem. Thanks you guys for all the advice which I can find here.
Re: My Xoops site is hacked by exploits which create iframes
by onasre on 2009/10/16 17:26:13

One thing People Forget , that your Computer maybe Got Hacked and your Computer Now is a nest for the Hacker . So in any time you going to download Fresh files of XOOPS and unzip them to start uploading they will get infected again ..

1-First thing you Must do . is Make sure you check your Computer from any Viresus, Spyware, adware

use AVira , AVG, Malwarebytes..
i prefer Avira to check my files for viruses and Malwarbytes to check for adware.

when all clean .

2- Change Passwords to your Site account, ftp, emails..

3- when done .. Log in to your ftp , clean every thing, Because you might have the virus Layin somewhere in the files .

4- Upload fresh Files of xoops.

5-Make sure No Folder Chmod 777 but folders inside Xoops_data and config folder inside xoops_lib

Make sure your mainfile.php chmod to 444

6-Make sure the Modules and third party Programs u use are up to date and no known bugs been reported.

7- Change your admin password at your XOOPS site.

8- The last thing is make sure if you have enabled uploading to your site to disable it as it could be the Hole to where u got hacked..

Who's Online

215 user(s) are online (153 user(s) are browsing Support Forums)


Members: 0


Guests: 215


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits