xoops forums

Board index » All Posts (Cuidiu)




Cuidiu

Quite a regular
Posted on: 2008/2/22 23:16
Posts: 358
Since: 2006/4/23
#31

Re: How to find members of a group?

Hello Bandit-X,

Could this hack be applied (or modified) to XOOPS v2.2.4?

Thanks,
C
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)


Cuidiu

Quite a regular
Posted on: 2008/2/22 0:10
#32

[SOLVED] Re: Content Module Question

I just wanted to post the solution I found elsewhere. So far, everything seems to be working on the site AND it's preventing spammers/hackers from adding their URL after my index.php pages.

# Deny (403 Forbidden) any request whose query string contains "http:" or "https:"
RewriteCond %{QUERY_STRING} https?:
RewriteRule .* - [F]


C
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)
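
As an added example (not part of the original post, and not XOOPS or Protector code), this Python script replays the condition shown above against access-log lines and also reports requests it does not match, because mod_rewrite tests %{QUERY_STRING} undecoded and, without [NC], case-sensitively. The log lines are constructed and assume Apache's common log format; the function names and verdict labels are chosen for this example.

```python
import re
from urllib.parse import unquote

# The condition as it appears in the post: raw query string, case-sensitive.
RAW_RULE = re.compile(r"https?:")
# Broader audit check (assumption of this example): decoded, any case, ftp too.
DECODED_RULE = re.compile(r"(?:https?|ftp)://", re.IGNORECASE)
# host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, target, verdict), or None for an unparseable line."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    query = target.partition("?")[2]
    if RAW_RULE.search(query):
        verdict = "rule-matches"   # the posted rule would answer 403
    elif DECODED_RULE.search(decode_fully(query)):
        verdict = "rule-misses"    # URL present, but encoded or upper-cased
    else:
        verdict = "clean"
    return client, target, verdict

# Constructed sample lines (documentation IP ranges, example.test host).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/2008:03:01:12 +0000] "GET /modules/content/index.php?id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Feb/2008:03:02:40 +0000] "GET /modules/content/index.php?http://bad.example.test/x.txt? HTTP/1.1" 200 4890',
    '198.51.100.7 - - [20/Feb/2008:03:02:44 +0000] "GET /userinfo.php?uid=http%3A%2F%2Fbad.example.test%2Fpic%3F HTTP/1.1" 200 2311',
    '203.0.113.5 - - [20/Feb/2008:03:05:02 +0000] "GET /userinfo.php?uid=HTTP://bad.example.test/pic? HTTP/1.1" 200 2311',
]

def report(lines=SAMPLE_LOG):
    """Classify every parseable line; unparseable lines are skipped."""
    return [r for r in map(classify, lines) if r]

if __name__ == "__main__":
    for client, target, verdict in report():
        print(f"{verdict:13} {client:15} {target}")
```

The decoded check also flags legitimate parameters that carry a URL, so review the matches before turning the broader pattern into a blocking rule.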


Cuidiu

Quite a regular
Posted on: 2008/2/20 3:14
#33

Content Module Question

I have found many attempts in my access log files of people adding a URL after index.php? in the content module.
Ex: index.php? http bad-domain-dot-com along with head and other commands in URL (rephrased and spaced so I won't be banned by Protector!)

I have Protector 3.02 and it didn't seem to stop or ban them. Is there anything I can do in .htaccess file to redirect hackers trying to add a URL to any index.php page? Like send them to 404 or some other error page - or send them off the planet?

Thanks in advance.
Cuidiu


Cuidiu

Quite a regular
Posted on: 2008/2/5 20:35
#34

Re: Spam and/or Hack Attempt

Thanks for that info. I guess I still am not clear. Is this something XOOPS is vulnerable to?

Quote:

blueteen wrote:
Often, a picture called like this (remote URL) is malicious code in reality. (On a Windows system, try to download this picture, then edit it with a text editor.)
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some log samples and a few words.


Cuidiu

Quite a regular
Posted on: 2008/2/5 18:07
#35

Spam and/or Hack Attempt

Hi All,

My logs show someone is messing with my XOOPS 2.2.4 site. Why would someone do this:
domain.com/userinfo.php?uid=http://trashyspamsite.com/pictureofme?

Is there a way to spam a XOOPS site doing the above or does this apply to some other CMS with a vulnerability?

TIA,

Cuidiu


Cuidiu

Quite a regular
Posted on: 2007/8/31 17:04
#36

Re: anyone notice an increase of suspicious entries in the error log?

Yes. What do your suspicious entries look like? I posted about mine here in this thread.

Quote:
Bandit-X wrote:
Anyone notice an increase of suspicious entries in the error log?

I have been getting a lot of entries that look suspicious... well, not only look but are...


Cuidiu

Quite a regular
Posted on: 2007/8/31 15:34
#37

Re: SQL Injection

I've been away and it appears I've missed a few things. I'm still using version 2.0.16. Should I upgrade to Herve's version or use this revision 997 Marco mentioned? I don't know much about PHP. How would I incorporate rev 997?

Also, I have a few XOOPS v 2.2.4 sites - highly customized. I can't upgrade to 2.2.5 because of all the customizations. Hopefully the SQL injection does not affect the 2.2.4 version?

Quote:

Marco wrote:
Those sorts of issues have already been reported to core. The team is aware of that; dugris has incorporated those in a dedicated branch (see revision 997 http://xoops.svn.sourceforge.net/viewvc/xoops/?pathrev=997). Herve's 2.0.17 has fixed all of the strongest holes. The core team decided not to add those in the official 2.0.17 (http://sourceforge.net/forum/message.php?msg_id=4471768)
bad.
marco


Cuidiu

Quite a regular
Posted on: 2007/8/30 22:28
#38

CBB 3.08 PDF Question

I have a PDF attached to a post. I can open it with Firefox and Internet Explorer 6 but cannot open with Internet Explorer 7. All I get is a little x as though it's missing an image. I can open other PDFs with IE7 - just not the ones attached in a CBB post. Can someone help me figure this out please?

Thanks in advance.

EDITED TO ADD:

I just did an experiment. In 2.0.16 - in CBB the PDF opens just fine. In 2.2.4 CBB the PDFs do not open in IE7. Hopefully, someone can help??

EDITED AGAIN TO ADD:
Actually, I just tried it in another 2.2.4 site and the PDF opens fine. Something must be missing....? And yet it opens in other browsers. I just don't get it!


Cuidiu

Quite a regular
Posted on: 2007/8/28 5:25
#39

No RSS Feed - How?

Using Xpress - the organization will be using this for private blog posts within the organization (members only). I just want to make sure no feeds are available to blogfeeders that come around. How can I turn this off? I've removed a few lines in the head of the template and removed from the Update Services "When you publish a new post, WordPress automatically notify" so nothing is in that box. But I want to make sure I'm not missing anything. There's no disable RSS Feed option that I can see. Would someone please help?


TIA,
Cuidiu


Cuidiu

Quite a regular
Posted on: 2007/8/23 15:57
#40

Re: Hacking or MySQL Injection Attempt?

Quote:
McDonald wrote:
What versions (Xoops and Newbb) are you both using?

Most recent for both.

Quote:
And, do you have the module Protector installed?

Absolutely. No record was found in Protector for these attempts. I was surprised but thought perhaps it's not the level Protector would be concerned about OR it's a new vulnerability/hack and not yet documented. But I don't know much about Protector so...


