31
Cuidiu
Re: How to find members of a group?
  • 2008/2/22 23:16

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Hello Bandit-X,

Could this hack be applied (or modified) to XOOPS v2.2.4?

Thanks,
C
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]



32
Cuidiu
[SOLVED] Re: Content Module Question
  • 2008/2/22 0:10



I just wanted to post the solution I found elsewhere. So far, everything seems to be working on the site AND it's preventing spammers/hackers from adding their URL after my index.php pages.

RewriteCond %{QUERY_STRING} https?:
RewriteRule .* - [F]


C



33
Cuidiu
Content Module Question
  • 2008/2/20 3:14



I have found many attempts in my access log files of people adding a URL after index.php? in the content module.
Ex: index.php? http bad-domain-dot-com along with head and other commands in URL (rephrased and spaced so I won't be banned by Protector!)

I have Protector 3.02 and it didn't seem to stop or ban them. Is there anything I can do in .htaccess file to redirect hackers trying to add a URL to any index.php page? Like send them to 404 or some other error page - or send them off the planet?

Thanks in advance.
Cuidiu
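An added example, not part of the original posts: a small access-log check that flags the kind of request described here, using the same `https?:` idea as the rewrite condition in the [SOLVED] post above. The log lines, paths, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Client IP, request target and status from an Apache common/combined log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A URL scheme appearing inside the query string.
URL_SCHEME = re.compile(r'(?:https?|ftp):', re.IGNORECASE)

def query_carries_url(target):
    """True if the query string of a request target contains a URL scheme."""
    _, _, query = target.partition('?')
    # Logs record the query as sent, which may be percent-encoded (even
    # twice), so decode before matching.
    return bool(URL_SCHEME.search(unquote(unquote(query))))

def flag_requests(log_lines):
    """Return (ip, status, target) for every request whose query holds a URL."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and query_carries_url(m.group('target')):
            hits.append((m.group('ip'), m.group('status'), m.group('target')))
    return hits

def hits_per_client(log_lines):
    """Count flagged requests per client address."""
    return dict(Counter(ip for ip, _, _ in flag_requests(log_lines)))

# Constructed sample lines (documentation address ranges and example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/2008:03:01:12 +0000] '
    '"GET /modules/content/index.php?id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Feb/2008:03:02:40 +0000] '
    '"GET /modules/content/index.php?http://bad-domain.example/a.txt? HTTP/1.1" 200 4980',
    '198.51.100.7 - - [20/Feb/2008:03:02:41 +0000] '
    '"GET /userinfo.php?uid=http%3A%2F%2Fbad-domain.example%2Fpic%3F HTTP/1.1" 200 3011',
    '192.0.2.10 - - [20/Feb/2008:03:05:00 +0000] "GET /index.php HTTP/1.1" 200 100',
    '203.0.113.5 - - [20/Feb/2008:03:06:30 +0000] '
    '"GET /modules/news/article.php?storyid=2&ref=HTTPS://other.example/ HTTP/1.0" 403 210',
]

if __name__ == '__main__':
    for ip, status, target in flag_requests(SAMPLE_LOG):
        print(ip, status, target)
    print(hits_per_client(SAMPLE_LOG))
```

A status of 200 on a flagged line only means the request was served, so the per-client counts are a starting point for review. Legitimate parameters that carry a URL (a redirect or referrer field, for instance) will also match and need to be excluded by name.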



34
Cuidiu
Re: Spam and/or Hack Attempt
  • 2008/2/5 20:35



Thanks for that info. I guess I still am not clear. Is this something XOOPS is vulnerable to?

Quote:

blueteen wrote:
Often, a picture called like this (remote url), is malicious code in reality. (on windows system, try to download this picture, then edit with a text editor).
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some log samples and a few words.



35
Cuidiu
Spam and/or Hack Attempt
  • 2008/2/5 18:07



Hi All,

My logs show someone is messing with my XOOPS 2.2.4 site. Why would someone do this:
domain.com/userinfo.php?uid=http://trashyspamsite.com/pictureofme?

Is there a way to spam a XOOPS site doing the above or does this apply to some other CMS with a vulnerability?

TIA,

Cuidiu



36
Cuidiu
Re: anyone notice an increase of suspicious entries in the error log?
  • 2007/8/31 17:04



Yes. What do your suspicious entries look like? I posted about mine here in this thread.

Quote:
Bandit-X wrote:
anyone notice an increase of suspicious entries in the error log?

i have been getting a lot of entries that look suspicious.. well not only look but are...



37
Cuidiu
Re: SQL Injection
  • 2007/8/31 15:34



I've been away and it appears I've missed a few things. I'm still using version 2.0.16. Should I upgrade to Herve's version or use this revision 997 Marco mentioned? I don't know much about PHP. How would I incorporate rev 997?

Also, I have a few XOOPS v 2.2.4 sites - highly customized. I can't upgrade to 2.2.5 because of all the customizations. Hopefully the SQL injection does not affect the 2.2.4 version?

Quote:

Marco wrote:
those sort of issues have already been reported to core. The team is aware of that, dugris has incorporated those in a dedicated branch (see revision 997 http://xoops.svn.sourceforge.net/viewvc/xoops/?pathrev=997). Herve's 2.0.17 has fixed all of the strongest holes. The core team decided not to add those in the official 2.0.17 (http://sourceforge.net/forum/message.php?msg_id=4471768)
bad.
marco



38
Cuidiu
CBB 3.08 PDF Question
  • 2007/8/30 22:28



I have a PDF attached to a post. I can open it with Firefox and Internet Explorer 6 but cannot open with Internet Explorer 7. All I get is a little x as though it's missing an image. I can open other PDFs with IE7 - just not the ones attached in a CBB post. Can someone help me figure this out please?

Thanks in advance.

EDITED TO ADD:

I just did an experiment. In 2.0.16 - in CBB the PDF opens just fine. In 2.2.4 CBB the PDFs do not open in IE7. Hopefully, someone can help??

EDITED AGAIN TO ADD:
Actually, I just tried it in another 2.2.4 site and the PDF opens fine. Something must be missing....? And yet it opens in other browsers. I just don't get it!



39
Cuidiu
No RSS Feed - How?
  • 2007/8/28 5:25



Using Xpress - the organization will be using this for private blog posts within the organization (members only). I just want to make sure no feeds are available to blogfeeders that come around. How can I turn this off? I've removed a few lines in the head of the template and removed from the Update Services "When you publish a new post, WordPress automatically notify" so nothing is in that box. But I want to make sure I'm not missing anything. There's no disable RSS Feed option that I can see. Would someone please help?


TIA,
Cuidiu



40
Cuidiu
Re: Hacking or MySQL Injection Attempt?
  • 2007/8/23 15:57



Quote:
McDonald wrote:
What versions (Xoops and Newbb) are you both using?

Most recent for both.

Quote:
And, do you have the module Protector installed?

Absolutely. No record was found in Protector for these attempts. I was surprised but thought perhaps it's not the level Protector would be concerned about OR it's a new vulnerability/hack and not yet documented. But I don't know much about Protector so...



