1
Reosys
Xoops Hacked!!!
  • 2003/11/15 18:00

  • Reosys

  • Just popping in

  • Posts: 9

  • Since: 2003/2/1 1


I visit the excelent site INCONNUETEAM http://www.inconnueteam.net/ and read F4KELIVE OWNZ U !

Can XOOPS be hacked? There is a bug?
Please, be alert all developers and coders.

Thanks in advance

Reosys

2
ronhab
Re: Xoops Hacked!!!
  • 2003/11/15 19:42

  • ronhab

  • Friend of XOOPS

  • Posts: 160

  • Since: 2003/4/27


Anything can be hacked.

I don't see anything wrong with your site, however. No defacements or anything. Have you fixed it or am I missing something because I don't speak/read French?

3
Anonymous
Re: Xoops Hacked!!!
  • 2003/11/15 20:17

  • Anonymous

  • Posts: 0

  • Since:


Just visited the site and received same message, looks hacked to me. Got the message along with a big graphic on the downlaods section

Any site, can be hacked just takes time. XOOPS is password protected, crack the password and your in. So best make sure its a strong password that can at least withstand a dictionary attack.

4
mvandam
Re: Xoops Hacked!!!
  • 2003/11/15 22:23

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Looks to me more like someone hacked the webserver. Try going to http://www.inconnueteam.net/admin.php and you get the correct behaviour (no permission). Try going to http://www.inconnueteam.net/modules/news/article.php and you get the correct message 'article does not exist'.

But if you go to http://www.inconnueteam.net/modules/mylinks/index.php then you get the hacked page. This could be done either by replacing the actual index.php file with the hacked script... OR, it could be done with a 'mod_rewrite' type of rule (in the webserver) which loads the hacked scripted whenever the URL is e.g. http://www.inconnueteam.net/modules/[.+]/index.php . Anyways, this is just a guess. I hope the admins of that site can post here (or PM the core team) once the problem is found. I'd be very interested to know if it is just a webserver hack (especially a risk on shared hosting) or if it is an actual XOOPS vulnerability that has been unconvered.

Thanks.


Login

Who's Online

345 user(s) are online (225 user(s) are browsing Support Forums)


Members: 0


Guests: 345


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits