1
smdcom
XOOPS Defaced

Hi all, my site http://www.xoopsmalaysia.org has been defaced. Please refer to http://www.zone-h.org/en/defacements/filter/filter_defacer=7crews/

I'm using XOOPS 2.0.7.1, but they could still deface it..

DEFACEMENT DETAILS
Date/time: 2004/08/23 13:25
Defacer: 7Crews
Domain: http://portal.xoopsmalaysia.org
Mirror: Display mirror
IP address: 203.81.38.130
System: Linux
Web server:
Attack method:
Extra information: mass defacement

Please help... how can I prevent this problem?

2
tom
Re: XOOPS Defaced
2004/8/23 15:57 (Friend of XOOPS, Posts: 1359, Since: 2002/9/21)

Xoops was not defaced, that was your server. Try contacting your hosts for advice, and notify them of a security hole somewhere; they should look into it.

3
smdcom
Re: XOOPS Defaced

Oh, I see.. but the other client sites on the server aren't affected... ? Just this site only..

I already contacted my hosting provider and notified them about this.. but they said nothing is wrong with the site..

4
DonXoop
Re: XOOPS Defaced

Hard to say, do you know all the other sites on the server? Most common site crack is via the server (root) and not the html code on the site. But then again there are lots of ways to crack a poorly secured PHP site.

Have you looked at the server logs to find out what happened if they indeed came in through XOOPS itself or directly to your site (vs a rooted server)?

Xoops itself is pretty secure at the core if care is taken. 3rd party modules can pose a problem if they are sloppy or unprotected. I'm never comfortable with too many extras like stats and flashy topic unrelated content unless I make sure they can't be a conduit for crackers.

You need to find out what happened and fix it, they will be back. I get almost daily attempts at some kind of crack and they run the whole range of years old script kiddie nonsense to general server OS exploits to XOOPS specific attacks.

Logs, logs, logs. gots to look at the logs... if you can even trust the logs now. You can't trust the other files until you find out and fix.

5
DonXoop
Re: XOOPS Defaced

I just realized that it is listed as a "Mass Defacement". Look at the list of defacements for just this one IP. Even at least one Re-defacement. They will be back even with a secure xoops.

6
Mithrandir
Re: XOOPS Defaced

In general, what you can risk if your XOOPS is not safe (either through a non-discovered exploit or an unsafe 3rd party module) is a messed up database - either bogus data or data changed such as preferences, corrupted tables or changed passwords - or data deleted.

There is no way XOOPS can put e.g. a defacement index.html in ANY folder apart from cache, uploads and templates_c as these are the only folders, which are (or rather, which SHOULD be) writable by the server. And even then, it shouldn't be easy.
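One way to check the point made in the post above, as an added example that is not part of the original thread or of XOOPS: list every path outside cache, uploads and templates_c that the web server account can write to, and optionally every file outside them modified after a given time. The function names, the mode-bit-only check (ACLs ignored) and the command-line arguments are assumptions of this sketch.

```python
import os
import stat
import sys

# The only folders the post above says the web server should be able to write to.
EXPECTED_WRITABLE = {"cache", "uploads", "templates_c"}

def writable_by(st, uid, gids):
    """POSIX mode-bit check (ACLs ignored): can this uid/gid set write the inode?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, web_uid, web_gids, since=None, expected=EXPECTED_WRITABLE):
    """Return (writable, changed): paths outside `expected` that the web server
    account can write to, and regular files outside it modified after `since`."""
    writable, changed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            rel = os.path.relpath(path, root)
            if rel.split(os.sep)[0] in expected:
                continue  # writable by design
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link mode bits say nothing about the target
            if writable_by(st, web_uid, web_gids):
                writable.append(rel)
            if since is not None and stat.S_ISREG(st.st_mode) and st.st_mtime > since:
                changed.append(rel)
    return sorted(writable), sorted(changed)

if __name__ == "__main__" and len(sys.argv) == 3:
    import pwd
    pw = pwd.getpwnam(sys.argv[2])  # argv: <XOOPS root> <web server account>
    gids = set(os.getgrouplist(sys.argv[2], pw.pw_gid))
    found, _ = audit(sys.argv[1], pw.pw_uid, gids)
    print("\n".join(found))
```

An empty result means a defacement page written outside those three folders did not come through the web server account's file permissions, which points back at the server or at stolen FTP credentials, as the other replies suggest.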

7
intel352
Re: XOOPS Defaced
2004/8/23 19:33 (Module Developer, Posts: 824, Since: 2003/11/23)

Change your FTP password, maybe.

8
smdcom
Re: XOOPS Defaced

*************************************************

id;uname -a;uptime
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Linux data1-sgstx.online-servers.biz 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux
16:30:45 up 3 days, 23:04, 5 users, load average: 1.53, 1.10, 1.26
Defaced by CyberWatch from 7Crewz
Greetz to : Gorgom, HampasKelapa, Bad, M00n, kkbest, mAdam, backlab and All 7Crewz.

**************************************************

Actually, I got this message... is it a server defacement or a homepage defacement??

9
smdcom
Re: XOOPS Defaced

And I'm using the Symantec Alert Box module & istats module... are they not safe??
