11
pAraN0iD
Re: Proposal for new forum structure on xoops.org: Comments invited.
  • 2007/9/8 7:53

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Thanks for that, I am glad someone is taking responsibility for making it happen.



12
pAraN0iD
Re: Proposal for new forum structure on xoops.org: Comments invited.
  • 2007/9/8 1:37

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Just wondering what will be done with the results / who will decide what to do / who will implement the changes?

What is the procedure for this?



13
pAraN0iD
Re: Paid work for Module patches...
  • 2007/9/7 1:38

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Hi Brash

Have you tried Pico from GIJOE (the evolution of TinyD, which came from Tiny Content)? I think it has a function to import directly from Tiny Content. Plus, it seems to work well on PHP5 (at least, I have found no problem with it).

Might save you a bit of cash :) But the downside is that GIJOE may not support further XOOPS development of his modules.



14
pAraN0iD
Re: Admin Hash exposed
  • 2007/9/2 0:51

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Back up your site before anything happens to it!

If they have your admin hash it implies that someone probably had access to your database. I suggest that you change your database (MySQL) password (and all others, FTP, hosting account etc) immediately using *strong* passwords.

I also suggest you install the Protector module, and make sure you implement all the security enhancements it provides (especially in this case change the prefix of your database tables. It has a function to let you do this).

Another possibility is that your database server is busted. Or that there's a crook in your hosting company. The list goes on and on :(

Check the permissions of your mainfile.php as well, read only. (Probably this was not the way, but doesn't hurt to check it).

What modules are you running? Are they the latest versions? You might want to check there have been no security patches for your modules lately.



15
pAraN0iD
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 14:37

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Quote:
and the reason for this hacking is nothing but to let the owner know how vulnerable his site is and the way he configured it. If any anonymous is allowed to edit your sites content why would he be so honest ?


You really are an idiot. If you seriously wanted to let the admin know about a security problem why didn't you just TELL them instead of wasting people's time screwing up their site?

Pathetic. Get out of here.



16
pAraN0iD
Re: Serious 2.0.16 hack risk
  • 2007/6/10 3:52

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Thanks for the report, perhaps I'd better look into this thing!

Just noticed there is a XOOPSFAQ on PHPsuexec



17
pAraN0iD
Brute force attacks: How much noise is normal?
  • 2007/6/4 2:19

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


I rented a server recently to host my XOOPS sites. Pretty soon I started seeing attempted logins to SSH and FTP, testing long lists of common user names, presumably for common and default passwords.

After a couple of weeks there were hundreds of attempted logins per day. Then more than a thousand. Yesterday it was more than 6,600 (say one attempt every 4.5 seconds!) and I started getting brute force attack warnings from the server.

I know that a certain amount of random probing is normal, but at what point do you start to think it may be a targeted attack? Appreciate any feedback from other server admins.

I have disabled password authentication on SSH and shut down the FTP service as a precaution, when not in use.
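Added example, not part of the original post: one way to put numbers on the question above is to tally failed SSH password logins per day and per source, and to separate dictionary-style probing (many non-existent usernames) from repeated guesses at an account that really exists. The log lines are constructed samples in the classic OpenSSH syslog format, and treating guesses at existing non-root accounts as the thing to look at first is an assumed heuristic, not a rule from the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the classic OpenSSH syslog format (not taken from the post).
SAMPLE_LOG = """\
Jun  3 02:10:01 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jun  3 02:10:05 host sshd[412]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jun  3 02:10:09 host sshd[413]: Failed password for invalid user oracle from 203.0.113.7 port 40133 ssh2
Jun  3 09:44:30 host sshd[518]: Failed password for root from 198.51.100.23 port 51200 ssh2
Jun  3 11:02:17 host sshd[530]: Accepted publickey for webadmin from 192.0.2.10 port 50022 ssh2
Jun  4 01:15:42 host sshd[602]: Failed password for webadmin from 198.51.100.99 port 33870 ssh2
Jun  4 01:15:49 host sshd[603]: Failed password for webadmin from 198.51.100.99 port 33874 ssh2
"""

# sshd writes "invalid user NAME" when the account does not exist on the host.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarise(log_text):
    """Tally failed SSH password logins per day and per source address."""
    per_day = Counter()
    names_by_ip = defaultdict(set)      # spread of usernames each source tried
    real_account_hits = Counter()       # guesses at existing non-root accounts
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue                    # accepted logins and other messages
        per_day[" ".join(m["day"].split())] += 1
        names_by_ip[m["ip"]].add(m["user"])
        if not m["invalid"] and m["user"] != "root":
            real_account_hits[(m["ip"], m["user"])] += 1
    return per_day, names_by_ip, real_account_hits

if __name__ == "__main__":
    per_day, names_by_ip, real_account_hits = summarise(SAMPLE_LOG)
    for day, count in per_day.items():
        print(f"{day}: {count} failed logins")
    for ip, names in sorted(names_by_ip.items()):
        print(f"{ip}: {len(names)} distinct usernames tried")
    for (ip, user), count in real_account_hits.items():
        print(f"closer look: {ip} guessed existing account {user!r} {count}x")
```
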



18
pAraN0iD
Re: Look better, and more sexure
  • 2007/5/31 15:13

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Quote:
2. Security, I have seen jokes on other people's websites about security on XOOPS I have lost 2 sites to hackers. IS XOOPS secure? How secure compared to other boards/cms products?


The XOOPS core has been around for a fair while now and yes, it has proven to be quite secure compared to similar systems.

If you are getting hacked then it is likely that you i) didn't keep up to date with patches and/or ii) were using old, unmaintained modules (right?). If you are actually *losing* sites to hackers then where were your regular backups? These things are the responsibility of the webmaster.

Protector adds another layer of protection to your website, which can help guard against flaws in both the core and modules. I agree some of the functionality would be good in the core, but in the meantime, it's a good module to have.



19
pAraN0iD
Re: WARNING! someone may be systematically attacking unpatched xoops sites!
  • 2007/5/12 4:15

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


This is a very old thread, don't worry.

It is quite normal for script kiddies to use automated tools to troll the net for unpatched sites (if you look through your logfiles you will see all kinds of attempts). If you do leave your site unpatched when there is a known vulnerability, then sooner or later you will get hit (fact of life of the internet).

Just keep your site patched and back up regularly. If you have a backup then a hack is just a temporary inconvenience (rather than a disaster).



20
pAraN0iD
Re: List of Xoops core and modules vulnerabilities and bugs
  • 2007/4/16 12:09

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


I think temporarily removing modules with known vulnerabilities from the module repository is a good idea (just until they are fixed).

I don't know if there is a way to kick people into patching their sites. Have to learn the hard way.



