Support Forums - All Posts - XOOPS Web Application System

1

Re: Xoopsgallery init_basic.php exploit

2008/1/7 11:10
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Yes I am running XOOPS 2.0.18 and have protector module installed. The protector module doesn't seem to catch it. It seems to be a new exploit discovered only this month. Details of the exploit is herehttp://packetstormsecurity.org/0801-exploits/xoopsgal-rfi.txt but since I'm not programmer, I can't really make heads or tails with it.

Any XOOPS developer have any idea how to fix? Thanks in advance.

2

Xoopsgallery init_basic.php exploit

2008/1/7 9:48
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

My site has been consistently hacked for several weeks now. I've tried upgrading everything to the latest. However, xoopsgallery's latest (1.3.3.9) isn't stopping the exploits from happening. Does anybody know how to fix this file? Anybody out there that had the same problem?

I'd really appreciate any help as this matter is urgent. My site is currently offline until i can fix this problem. I'm looking at my logs in realtime and hack attempts don't stop.

3

Messed up user menu & other blocks

2008/1/4 5:49
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

My website has been consistently hacked so I tried to upgrade everything. Now, some of my blocks aren't working properly. For example, my user block now looks like this:

Resized Image

Anyone know how to fix this? I uploaded a new theme and tried to use that but it didn't help. I don't really know where the change was made. It may have something to do with the templates. I upgraded to 2.0.18 using the full package.

Also, is it safe to empty the templates_c folder?

4

Re: Website hacked...need help upgrading!!

2007/1/5 9:05
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Thanks for at least suggesting something. Unfortunately, I reuploaded the full upgraded already...that's the first thing I did basically. Still, the problem exist. The site is still working fine though but I can't help but think that it's going to fall apart soon.

I hope any of the core developers will be able to see this and help me out.

5

Re: Website hacked...need help upgrading!!

2007/1/5 9:00
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Thanks for at least suggesting something. Unfortunately, I reuploaded the full upgraded already...that's the first thing I did basically. Still, the problem exist. The site is still working fine though but I can't help but think that it's going to fall apart soon.

I hope any of the core developers will be able to see this and help me out.

6

Re: Website hacked...need help upgrading!!

2007/1/4 5:54
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Bump....

I still need some help with this...anyone?

Can somebody tell me how a partial upgrade will affect my site? I've done everything except run the upgrade script. Or is there a manual way to run the script?

7

Re: Website hacked...need help upgrading!!

2007/1/3 14:13
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

I need help urgently. I was able to upgrade to 2.0.14 successfully. I then tried to do an upgrade to 2.0.16 by uploading the upgrade package but when i tried to go to go tohttp://www.mysite.com/upgrade it gave me the following:

Quote:

Fatal error: Cannot redeclare class upgrade_2014 in /home/mysite/public_html/upgrade/upd-2.0.13-to-2.0.14/index.php on line 3

The funny thing is that I did the exact same upgrade on my other site and it worked fine.

If somebody knows how to fix this or work around it, please let me know ASAP.

8

Re: Website hacked...need help upgrading!!

2006/12/27 16:36
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Thanks for the suggestions. I will try to upgrade straight to 2.0.14 when I have the chance. This route seems to be easier than doing a complete reinstall. Maybe perhaps 2.0.16 has a similar option.

9

Website hacked...need help upgrading!!

2006/12/27 10:51
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Hi. I need someone to enlighten me how to upgrade my installation of Xoops. My website has been repeatedly hacked and I thought I should upgrade to the newest version in an attempt to stop this. I am running a couple of XOOPS websites, one of which is vital and cannot afford any downtime.

The version of XOOPS that I have currently is 2.0.11 and my problem is that I cannot find an upgrade package for this version. The closest ones I can find are the following:

Xoops-2.0.10-to-2.0.12a.zip
Xoops-2.0.12a-to-2.0.13.zip
xoops-2.0.14-to-2.0.16.zip

I'm not sure I can safely apply these updates since they skip version numbers between them. Can somebody please confirm if it is safe to do so.

Also, if anybody has suggestions on how to protect my XOOPS website from getting hacked please post and share. Thanks.

10

Re: Upgrading from 2.0.11 to 2.2

2005/7/27 14:30
cydud3
Just popping in
Posts: 50
Since: 2004/6/10

Is the 2.0.10-to-2.0.13 patch still available then? I can only see 2.0.13-2.2 patch in the downloads section.

If I upload the 2.2 full release, aren't there some files I shouldn't overwrite? Like mainfile.php perhaps?

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Xoopsgallery init_basic.php exploit

Xoopsgallery init_basic.php exploit

Messed up user menu & other blocks

Re: Website hacked...need help upgrading!!

Re: Website hacked...need help upgrading!!

Re: Website hacked...need help upgrading!!

Re: Website hacked...need help upgrading!!

Re: Website hacked...need help upgrading!!

Website hacked...need help upgrading!!

Re: Upgrading from 2.0.11 to 2.2

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}