1
brash
MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/3 23:30

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


Hi All,

Came back from the end of year break to find that my site looks to have been hacked with some sort of SQL injection attack. What happened was the the mydownloads_text and mylinks_text had multiple instances of of the same record. Not a huge problem to fix as all I had to do was export the effected tables to SQL, edit the SQL so that only one instance of each record existed, deleted the live tables and then imported my modified SQL back in.

This is the second time this has happened to me. The first time was over 12 months ago, and I just thought it was something I must have done as I was migrating my site at the time. I'm not so sure this time around. Just wondering if anyone knew what made these modules (MyDownloads & MyLinks) in particular vunrable to this sort of attack, and if anyone knew of anyway to prevent it?

2
jdseymour
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked

If it is an SQL injection attack GIJOE's protector could help.

Not sure of your setup. But I just installed it myself recently.

I was kind of hesitant posting this because I am sure you have seen the postings about the protector module. Anyway HTH.

3
brash
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/4 22:04

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


Thanks the post jdseymour. Never be hesitant about posting the obvious, especially when I am involved . I had looked at the protector mod before when it first came out, but for some reason my brain never clicked over that extra cog to register that it might be what I was looking for in this case. Just couldn't see the forest for all the trees . It's all installed and configured now, thanks .

4
Rhomal
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/4 22:49

  • Rhomal

  • Quite a regular

  • Posts: 274

  • Since: 2004/10/5


Call me crazy but if theres a exploit in either one of those modules, shouldn't they be addressed/fixed rather then find a work around the exploit?

5
brash
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/4 23:11

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


In general yes, if you know where the specific exploit is. This can take considerable time, which in most cases means there will be no quick fix. Installing Protector is just as effective, but instead of relying on bug fixes for specific exploits, it is like a big blanket that simply stops ALL of these types of exploits. So really I would say installing protector is infact the better option as I'm now covered from all SQL injection attacks on all modules (as well as other hacks) instead of this one specific exploit in just these two modules.

6
Rhomal
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/5 2:04

  • Rhomal

  • Quite a regular

  • Posts: 274

  • Since: 2004/10/5


I have a commerical firewall on my web server, only allowing port 80 and 6667 (for my irc server) to go through. Does this help at all to protect me from these exploits or should I still install this module?

7
brash
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/5 2:21

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


If your firewall only does port filtering, then it would be advisable to install Protector as well. Most of these exploits all access your server through the standard port 80, but where they go to work is if you are using loose php and XOOPS security setups.

8
Rhomal
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/5 3:11

  • Rhomal

  • Quite a regular

  • Posts: 274

  • Since: 2004/10/5


I use the latest blackice. It catches ALOT of hax0resque activity on port 80 and auto blocks it. Is that good enough or no?

9
brash
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/5 3:29

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


Not a fan of Blackice. Last time I read up about it it only offered protection in one direction (same as Windows default firewall) and they also engaged in some unethical/unprofessional behaviour (i.e they cheated) in order to pass a test from Steve Gibson's site (http://www.grc.com) . I would look at using Sygate or ZoneAlarm myself.

10
Rhomal
Re: MyDownloads 1.1 and MyLinks 1.1 Hacked
  • 2005/1/5 4:01

  • Rhomal

  • Quite a regular

  • Posts: 274

  • Since: 2004/10/5


I use it because frankly I dont care whats going out... coming in is my concern. So on that level it does not bother me. Now if I was looking for a fully functional firewall for my workstationthat yes I prob wouldnt use BI.

With that said, I have yet to find a firewall that does what BI does. Not only logs what the attacker tried to do but does a reverse IP look up.

I have whacked a few script kiddies that annoyed me off the net by sending my BI logs to their ISPs.

I am not saying BI is fo everyone nor dos it fit every situation, but for a added layer of protection for a server i have found it useful. My 2 coppers

Login

Who's Online

585 user(s) are online (481 user(s) are browsing Support Forums)


Members: 0


Guests: 585


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits