Posted on: 2007/6/9 23:15
Serious 2.0.16 hack risk
---Just dropping by for a second to issue an alert based on an experience I encountered this week---
I have had three of my sites hacked by very nasty people. All of the sites were running XOOPS 2.0.16 installed as it should be. One of the sites had 3 phishing sites embedded on it.
Most of the illegal activity was centered in the uploads directory although certain modules like bmsurvey were also violated. I have shut the sites down and will recreate them later.
For now I just want to let the community know they should closely examine their sites including looking for the following:
3. uploads/newbb in each instance this directory as well as one labeled uploads/smartsection and uploads/smartpartner were converted into phishing sites
4. look for any directories where the privs are set to 000 (these seem to be an indication of problems)
5. If you run cpanel access File Manager and select each directory icon if you get a php download request, the file has been most likely compromised.
I hope this helps folks avoid the horrible week I've had trying to clean this mess up. Good luck!