1
mutley8
Re: Username & Password HACK
  • 2012/5/12 9:05

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


UPDATE:
OK so it has been a while now and I have had no further 'unwanted' visitors gaining access to our website, Protector has stopped 4 attempts to log in by 'Brute Force' which is great news, however I have a question you may be able to answer, I also installed Xortify as suggested, my only problem here is that I see in its reports that it stops crawler robots such as MSN & Google from crawling the website... does this have an effect on how our websites get listed by the search engines?
For us it is all about getting on search engines and being seen...
Suggestions or advice would be greatly appreciated.

Regards



2
mutley8
Re: Username & Password HACK
  • 2012/3/26 12:10

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


Hi Mamba,
I am working through this, stage by stage, my first priority is to get unsecure passwords sorted even if the website has to stay closed for a few days, after running them all through an md5 hashcracker (not actually a cracker but a database of md5 hash codes that have been discovered) 301 were insecure.

All 3 admin usernames & passwords have been reset.

Hosting admin p/word changed, log files show no breach.

The process of changing the MySql database name and password is underway with a rebuild using xoops 2.5.4, if I am going to the trouble of sorting this issue I may as well start using the latest xoops !!

Once satisfied that all is working as it should and the new secure passwords are in place I will reopen the site with the new installation.

I can't thank you guys enough for your input, I am sure this is not a xoops issue, as I have said before I have several hobby sites built using xoops and never had this issue, but probably one of my own doing in my PHP/MySql coding.
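
The audit described in the post above (checking stored MD5 hashes against already-known values) can be run offline against a database export, alongside the salted, slow hash that defeats such lookups. This is an added example, not part of the original post or of XOOPS; the account names, wordlist and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os

# Constructed wordlist and accounts; every name and password here is invented.
COMMON_PASSWORDS = ["password", "123456", "maria", "john", "qwerty", "letmein"]

def md5_hex(password: str) -> str:
    """Unsalted MD5, the legacy storage format described in the post."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

SAMPLE_USERS = {
    "client_a": md5_hex("maria"),
    "client_b": md5_hex("T9#vq!Lw2x-plum-Harbor"),
    "client_c": md5_hex("123456").upper(),  # stored in upper case
}

def accounts_to_reset(users: dict, wordlist: list) -> list:
    """Usernames whose stored hash equals the MD5 of a wordlist entry.

    Only usernames are returned; the audit never needs to print a password.
    """
    weak_hashes = {md5_hex(word) for word in wordlist}
    return sorted(u for u, h in users.items() if h.lower() in weak_hashes)

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune to your hardware

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted, slow replacement: a fresh random salt per account."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    print("reset required:", accounts_to_reset(SAMPLE_USERS, COMMON_PASSWORDS))
    s1, d1 = hash_password("maria")
    s2, d2 = hash_password("maria")
    print("same password, same stored value?", d1 == d2)
```

Because each account gets its own salt, two users with the same password no longer share a stored value, so a precomputed hash database has nothing to match against.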



3
mutley8
Re: Username & Password HACK
  • 2012/3/26 8:44

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


UPDATE 4:
Firstly thanks to everyone who has chipped in on this matter, it really is quite calming that I have received help and advice from you.
I also think xoops is a secure platform, as yet I have not found any 'leaks' in my additional pages or coding but that does not mean there are not any so I continue to look.

OK, I opened the site for a few hours, in that time a property was added to the database, this was done I assume by the 'hacker' logging into an account as this is the only way it can be done, the page that adds a property to the database is also coded only to allow that member access to the page.

I also switched 'off' 'Members can change their own email', alas the email on the account was changed, so this now is becoming more confusing, without this feature I am guessing it's an injection although Protector has not picked anything up...

On the comment of forced password change, personally not a good idea, do you know how many people contact me who have forgotten their password ('forgotten password' feature also disabled).



4
mutley8
Re: Username & Password HACK
  • 2012/3/25 12:48

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


Drastic yes !!

I just want to be sure that this never happens again, I am currently going through all passwords and checking them in the hash tool to see if they are in fact secure.
In reality we only store names, phone numbers and addresses... nothing else so there is no benefit to anyone seeing these accounts.

Thank you for your help, it is very much appreciated.



5
mutley8
Re: Username & Password HACK
  • 2012/3/25 11:31

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


UPDATE 3:
After checking the 'hacked' accounts I think redheadedrod & flipse are probably right, possibly a social engineering problem, on the client accounts that have been affected I ran their passwords through an md5 decoder which revealed their actual password. I have to say that most of the passwords were very 'un-original' and in most cases were simply a name....

There has been no breach of the database, so the only way in is to have username and password.

So the question is now do I change all my clients' passwords?

Is there a xoops module that can do this and email the clients the new password?

So far only 5 accounts have been affected, with 600+ clients this is looking like a huge task !!



6
mutley8
Re: Username & Password HACK
  • 2012/3/24 17:32

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


After all this I have just had 2 members' details changed, nothing in Protector so I have to assume the database has in fact been breached....




7
mutley8
Re: Username & Password HACK
  • 2012/3/24 14:25

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


UPDATE 2:
2.4.5 now installed and working, Protector 3.51 on, since installing there have been 2 attempts to get into the site, (a) me testing Protector is working and (b) not me but someone trying to log in as a user.

a. ISOCOM
b. BRUTE FORCE

It looks like Protector has done the job of stopping the entry.

I will take into consideration the possibility of social engineering, but after the Protector report I am convinced there has been a hacker of some sort at work.
As for if the Usernames & passwords are in fact private.. how would I know if they were not?
Admins count for 3 of the members, myself included, the other two are family so I doubt they would be involved.



8
mutley8
Re: Username & Password HACK
  • 2012/3/24 9:38

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


Hi redheadedrod, thx for the quick reply, firstly I don't think it is a xoops issue, I have several hobby sites for flight sim enthusiasts & other sites constructed for friends all of which use xoops as the core, none of these have ever been 'attacked'.

I have checked some of the passwords used by my clients in an md5 hack tool which unfortunately reveals their passwords correctly, that said the 'attacker' must also have the client's username to be able to log in, this is where I am stumped.

There are several code snippets that use the core data, I am currently working through these to see if there is any information 'leaks'.

Modules used...
System 2
User Profile 1.57
Smart FAQ 1.08
News 1.64
XForum 5.46
Protector 3.4

Today I will upgrade to the latest version of xoops.

UPDATE:
Installed up to 2.5.4, unfortunately got a white screen after updating everything, reverting back to 2.4.4 and updating to 2.4.5

Thanks for your interest.



9
mutley8
Username & Password HACK
  • 2012/3/23 20:07

  • mutley8

  • Just popping in

  • Posts: 9

  • Since: 2012/3/23


I have been using xoops for several years on hobby sites, last year I started using xoops as a backend for my business website www.eurodirectrentals.com, as a security thing I added a little code to a page so when my clients edit their details I get an automated email, today I got several in a short space of time which is unusual...
On checking the details I noticed that the clients' original emails had been replaced with a 'free' gmx.com email address....
The clients' original password has not changed (I have a backup of passwords for reference).

As yet I am stumped as to how this has happened, any light would be good as I have had to close the backend until I get to the bottom of this issue.
Currently using 2.4.4

Thanks in advance
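
The signal that exposed the incident in the post above (several profile e-mail changes in a short time, all pointing at one free-mail provider) can be checked automatically instead of by reading notification mails. This is an added example, not part of the original post or of XOOPS; the event tuple layout, the `freemail.example` domain, the one-hour window and the threshold of three accounts are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed profile-change events: (ISO time, username, old e-mail, new e-mail).
EVENTS = [
    ("2012-03-10T09:00:00", "client_e", "e@shop.example", "e@freemail.example"),
    ("2012-03-20T10:00:00", "client_d", "d@old.example", "d@newjob.example"),
    ("2012-03-23T19:40:00", "client_a", "a@corp-a.example", "x1@freemail.example"),
    ("2012-03-23T19:47:00", "client_b", "b@corp-b.example", "x2@freemail.example"),
    ("2012-03-23T19:55:00", "client_c", "c@corp-c.example", "x3@freemail.example"),
]

def email_domain(address: str) -> str:
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()

def find_change_bursts(events, window=timedelta(hours=1), threshold=3):
    """Map each new-address domain to the accounts involved in a burst.

    A burst is `threshold` or more distinct accounts switching to the same
    domain within `window`. Isolated changes are ignored.
    """
    by_domain = defaultdict(list)
    for ts, user, old, new in events:
        if email_domain(old) != email_domain(new):
            by_domain[email_domain(new)].append((datetime.fromisoformat(ts), user))

    alerts = {}
    for domain, changes in by_domain.items():
        changes.sort()
        start = 0
        for end in range(len(changes)):
            # Slide the window start forward until it spans at most `window`.
            while changes[end][0] - changes[start][0] > window:
                start += 1
            users = {user for _, user in changes[start:end + 1]}
            if len(users) >= threshold:
                alerts[domain] = sorted(users | set(alerts.get(domain, ())))
    return alerts

if __name__ == "__main__":
    for domain, users in find_change_bursts(EVENTS).items():
        print(f"burst of e-mail changes to {domain}: {', '.join(users)}")
```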



