1
m0nty
Simiens Crew??? wtf
  • 2005/1/28 16:09

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


Simiens Crew, por um mundo melhor

ok so please tell me that if they polite enough to leave a call sign, then they are at least willing to inform the devs of how they did it? :S

2
tripmon
Re: Siemens Crew??? wtf
  • 2005/1/28 16:13

  • tripmon

  • Module Developer

  • Posts: 462

  • Since: 2004/2/28


I SAW THAT TOO!!!

portuguese script kiddies....

for a better world????

Quick somebody call GIJOE,

PROTECTOR Needs to know!

3
ackbarr
Re: Siemens Crew??? wtf

they did leave a call sign, we are still determining the point of entry. I will follow up once I know more.

4
talunceford
Re: Siemens Crew??? wtf

Its a permissions thing on the server, Ima guessing..... Not sure how though.

5
ackbarr
Re: Siemens Crew??? wtf

protector is installed on xoops.org. It looks like they gained access through an unpatched vulnerability in awstats. Awstats has been removed from the server, but so far it looks like the point of the attack was only graffiti.

6
talunceford
Re: Siemens Crew??? wtf

Well, at least the hole has been found.

7
m0nty
Re: Simiens Crew??? wtf
  • 2005/1/28 16:54

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


yep that's good to hear :)

at least that's all it was is graffiti, and it identifies 1 more vulnerability that wasn't discovered till now :) s'pose that's 1 good thing about em..

8
DonXoop
Re: Simiens Crew??? wtf

Quote:
s'pose that's 1 good thing about em..


It is never a good thing, only slightly less nasty than a full defacement. If someone spray painted my garage I'd be very upset.

Anyway, I missed the excitement but can assume that it was the same bandits that make it around to a lot of sites they scoop off this very board. I've seen attempts like this on mine in the past.

stats, if that is where the hole was then it should give pause to anyone using it (it's 3rd party, not core). I know stats are popular on a lot of sites but I've never been comfortable with them. Much safer and more efficient to keep that a function outside of XOOPS all together (same for database admin). Pulling aggregate info into a block is ok if done right but live stats and blingy numbers aren't worth the risk IMHO.

Oh, they are reading this thread right now... yuck.. have a good laugh jokers.

9
ackbarr
Re: Simiens Crew??? wtf

FYI - awstats is a seperate application, not a XOOPS module. The vulnerability they exploited was "announced" on 1-17, but for some reason was not posted to the bugtrack mailing list.

10
gravies
Re: Simiens Crew??? wtf
  • 2005/1/29 19:21

  • gravies

  • Not too shy to talk

  • Posts: 119

  • Since: 2004/8/18


Has awstats been confirmed as the entry point for these Simiens Crew attacks? One of my XOOPS sites just got attacked by these guys. As I don't admin the server I cannot easily check the logs etc. The machine also has telnet and ftp ports open so I wonder if they came in via another route...

The site was XOOPS 2.7.3.

Login

Who's Online

399 user(s) are online (298 user(s) are browsing Support Forums)


Members: 0


Guests: 399


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits