1
tonycharman
Re: Xoops Hacked

duplicate



2
tonycharman
Re: Xoops Hacked

Hi my XOOPS version is: 2.0.16

Apache/1.3.33 (Unix)
PHP/4.4.7

Deleting the files within cache and template_c folders worked. I had to set up the XOOPS Protector Module Trust Path again in mainfile.php - but once that was done I was able to get back into admin. I have overwritten the hacked pda.php file. I am about to change the admin password.

I have looked at the protector module and it makes the following suggestions (PLEASE ADMIN DELETE THE FOLLOWING IF YOU THINK IT CONSTITUTES AN OPEN INVITATION)

'register_globals' on   Not secure
    This setting invites a variety of injecting attacks.
    If you can put .htaccess, edit or create...

    /homepages/8/d162068134/htdocs/the-weald/cms/.htaccess

    php_flag   register_globals   off

'allow_url_fopen' on   Not secure
    This setting allows attackers to execute arbitrary scripts on remote servers.
    Only administrator can change this option.
    If you are an admin, edit php.ini or httpd.conf.
    Sample of httpd.conf:
      php_admin_flag   allow_url_fopen   off
    Else, claim it to your administrators.

'session.use_trans_sid' off   ok

'XOOPS_DB_PREFIX' XOOPS   Not secure
    This setting invites 'SQL Injections'.
    Don't forget turning 'Force sanitizing *' on in this module's preferences.
    Go to prefix manager

'mainfile.php' missing precheck   Not secure
    You should edit your mainfile.php like written in README.


I am using 1&1 shared hosting and don't think I can create/edit the .htaccess file, but have written to them explaining that my site was compromised and asking their assistance with editing these files.

Many thanks for the input, now back to its earlier state, but I want to lock it down tighter now.



3
tonycharman
Re: Xoops Hacked? Use your server file-dbbackup service!

Many thanks for the replies, sorry for the delay in getting back, I was sitting waiting for an email as I had checked "Notify me of new posts in this thread" - but none came.

Anyway, back to the problem. Here's where I am at:

I WAS using the Protector module! The only thing I can think of is that I did not set it up correctly?!

I have received the following email from my host:
Quote:
Dear Mr Tony Charman,

unfortunately we received a large number of complaints concerning Spam-Mails sent through your 1&1 Webspace (contractnumber: 8794217).

We have to bring to your attention that this kind of mass mailing is illegal and can be prosecuted.


I have changed mainfile.php to 444 (was on 644 - though I am not sure if this was since I overwrote it yesterday).

I have looked at my log file and have lots of the following entries:
2007/07/04-04:36:52 8.162068134.22652.1183516612 <= u40334275 Commandline=/usr/sbin/sendmail --i  ENV_Script=/the-weald/cms/pda.php ENV_Remote=41.205.186.90


I am going to have a look at that pda.php file and then decide where to go from there.
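
Added example (not part of the original post, and not XOOPS or 1&1 code): a small Python triage script for log entries of the kind quoted above, grouping sendmail invocations by the web script that spawned them and flagging scripts that send in bursts. The field layout is inferred from the single entry in the post; every sample line after the first, the contact.php script and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field layout inferred from the one log entry quoted in the post (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\s+\S+\s+<=\s+(?P<user>\S+)\s+"
    r"Commandline=(?P<cmd>.*?)\s+ENV_Script=(?P<script>\S+)\s+ENV_Remote=(?P<remote>\S+)$"
)

# Constructed sample. Line 1 is the entry from the post; the others are invented
# (request ids, documentation-range IPs, hypothetical contact.php).
SAMPLE_LOG = """\
2007/07/04-04:36:52 8.162068134.22652.1183516612 <= u40334275 Commandline=/usr/sbin/sendmail --i  ENV_Script=/the-weald/cms/pda.php ENV_Remote=41.205.186.90
2007/07/04-04:36:53 8.162068134.22660.1183516613 <= u40334275 Commandline=/usr/sbin/sendmail --i  ENV_Script=/the-weald/cms/pda.php ENV_Remote=41.205.186.90
2007/07/04-04:36:55 8.162068134.22671.1183516615 <= u40334275 Commandline=/usr/sbin/sendmail --i  ENV_Script=/the-weald/cms/pda.php ENV_Remote=192.0.2.17
2007/07/04-09:12:40 8.162068134.30112.1183533160 <= u40334275 Commandline=/usr/sbin/sendmail -t -i  ENV_Script=/the-weald/cms/contact.php ENV_Remote=198.51.100.8
this line is not a mail entry
"""

def summarize(lines):
    """Group sendmail invocations by the web script that spawned them."""
    stats = defaultdict(lambda: {"count": 0, "remotes": set(),
                                 "per_minute": defaultdict(int)})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or "sendmail" not in m["cmd"]:
            skipped += 1  # unparsed or non-mail lines are counted, not dropped silently
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d-%H:%M:%S")
        entry = stats[m["script"]]
        entry["count"] += 1
        entry["remotes"].add(m["remote"])
        entry["per_minute"][ts.replace(second=0)] += 1
    return stats, skipped

def suspicious(stats, max_per_minute=2):
    """Scripts whose busiest minute sent more than max_per_minute mails."""
    return sorted(script for script, e in stats.items()
                  if max(e["per_minute"].values()) > max_per_minute)

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG.splitlines())
    for script, e in sorted(stats.items()):
        print(f"{script}: {e['count']} mails from {len(e['remotes'])} remote address(es)")
    print("burst senders:", suspicious(stats), "| skipped lines:", skipped)
```

A script that normally sends no mail at all and suddenly shows up as a burst sender is the file to inspect and replace first.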



4
tonycharman
Xoops Hacked

Hi,
last night someone (Guide_Shen - Peruvians Rulez!) hacked my XOOPS site. I have managed to replace the mainfile.php and the index.php and the site operates ok. But logging in as admin gives the following screen and I am not sure what to do:

Resized Image

I did a google search on Peruvians Rulez! and there are a few other hacked sites, but no documentation on how to get it back. Any advice greatly received.

Tony



5
tonycharman
Re: Upgrade from 2.0.14 to 2.0.15 overwritten everything?

Hi zyspec.

Did I make a copy of the mainfile - No. The instructions did not tell me to do so.

I'm not sure where your quote came from. I copied the entire upgrade instructions in my first post. In any case your quote says to delete (not copy) mainfile.php before copying over the htdocs/ folder. It is leaving a bit to mis-interpretation if the instructions don't absolutely state what you should do.

I am presuming here, after having read your quote again and again, that it means delete the local (not remote) copy... But in any case, as I said the instructions that came from my fresh download (13th Sept at 10.49am GMT) don't say that.

If it is the instructions within the upgrade folder of the xoops-2.0.15.zip file that need changing I suggest that this is amended quickly before anyone else falls foul...

I host with 1&1 and they have kindly offered to "turn the clock back" 24hours by accessing a backup their system automatically makes. Pheww - fingers crossed!



6
tonycharman
Upgrade from 2.0.14 to 2.0.15 overwritten everything?

I believe I followed the upgrade installation instructions to a "t":

Upgrade script instructions
--------------------------------------------

- Unzip the package
- Upload the *CONTENT* of the htdocs directory to your XOOPS root directory
- Upload the upgrade *FOLDER* inside your XOOPS root directory
- Login as an administrator
- Point your browser : <xoops_url>/upgrade/
- Follow the instructions
- DELETE THE upgrade FOLDER YOU JUST UPLOADED TO YOUR SERVER !!!

But when I get to "Login as an administrator" it takes me to the "install/index.php" and assumes it is a fresh install! Does this mean that everything has been overwritten? Did I do something wrong? Has anyone else suffered the same "error"?

I am not sure where to go from here - I hope someone can get back to me quickly. Really hoping someone can save my day.

MSN is tonycharman@hotmail.com



7
tonycharman
Re: Not able to Modify Groups - Access Denied

Just to clean this thread up, I believe the cause of the messy install was my version of Cuteftp Pro.

I was using Version 7.1 and had previously encountered a very annoying bug that swopped over filename names when uploading. So onefile.php and twofile.php would appear to be uploaded correctly but onefile.php was in fact twofile.php and vice versa.

Installing Version 7.2 (which documents the above problem in the changelog) seems to give me an ftp client that now works.



8
tonycharman
Re: Not able to Modify Groups - Access Denied

I have taken the plunge and re-installed. I now have access to the Groups.

Many thanks to everyone for their input (Sorry I'm not usually a sarcy person)!



9
tonycharman
Re: Not able to Modify Groups - Access Denied

I know it has been the weekend, but I am pretty keen to get going on this.

Is it likely that this is an installation problem which would be fixed by a re-install?

Is there someone I could talk to online about the various possibilities? Hope to hear from someone soon



10
tonycharman
Not able to Modify Groups - Access Denied

Hi, I have a fairly new installation which I am trying to get up and running.

The main problem is not being able to modify Groups at: CP / System Admin / Edit Groups
I have Webmasters, Registered Users and Anon Users all listed and each with a Modify link - however clicking on that link comes back with Access Denied.

Here are the errors and Queries:

Groups Main »» Modify Group

Access Denied
All errors (6) queries (10) blocks (0) extra (0) timers (3)
Errors
Notice: Only variables should be assigned by reference in file /modules/system/admin/groups/groups.php line 92

Notice: Only variables should be assigned by reference in file /modules/system/admin/groups/groups.php line 96

Notice: Only variables should be assigned by reference in file /modules/system/admin/groups/groups.php line 97

Notice: Only variables should be assigned by reference in file /modules/system/admin/groups/groups.php line 100

Notice: Only variables should be assigned by reference in file /modules/system/admin/groups/groups.php line 111

Notice: Undefined variable: xoopsUser in file /modules/system/admin/comments/xoops_version.php line 33

Queries
SELECT * FROM xoops_config WHERE (conf_modid = '0' AND conf_catid = '1') ORDER BY conf_order ASC
SELECT sess_data FROM xoops_session WHERE sess_id = '7f5fde6bc2565b08614cd5eab1fd7d13'
SELECT * FROM xoops_users WHERE uid=1
SELECT * FROM xoops_modules WHERE dirname = 'system'
SELECT * FROM xoops_group_permission WHERE (gperm_name = 'module_admin' AND gperm_modid = '1' AND (gperm_groupid = '1' OR gperm_groupid = '2'))
SELECT * FROM xoops_groups WHERE groupid=1
SELECT * FROM xoops_group_permission WHERE (gperm_name = 'module_admin' AND gperm_modid = '1' AND gperm_groupid = '1')
SELECT * FROM xoops_group_permission WHERE (gperm_name = 'module_read' AND gperm_modid = '1' AND gperm_groupid = '1')
SELECT * FROM xoops_group_permission WHERE (gperm_name = 'block_read' AND gperm_modid = '1' AND gperm_groupid = '1')
SELECT * FROM xoops_group_permission WHERE (gperm_name = 'system_admin' AND gperm_modid = '1' AND gperm_groupid = '1')



