1
martyboy
Site hacked 'again' how is this done?
  • 2005/10/9 11:34

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Just this morning, I went to my site and the exact same thing had happened as a while ago(see this topic) looks like they had added links to porn sites this time into xoopspartners block and some custom blocks i had on the front page and it totally messed the front page up with all the blocks, etc being pushed down to the left.

I stiull dont know how this is accomplished, but after it happened the first time I did notice i did not have any index.html files in cache or templates_c(looks like the hackers alter files in both or one of these directories) so I put in index.html files but it still happened again. Either there is some security hole on myserver, im with surpass hosting and they are pretty secure I think, or XOOPS has a major flaw.

I am hoping someone here might know how this happened and a way to counteract it and if it is a XOOPS fault that hopefully someone will look into it and release a patch if neccesarry.

I'm using XOOPS 2.0.13.1
cache and templates_c are chmod to 777(is this right?)

I can give my server config if needed.

Cheers.

Quick note:the problem was easily fixed just delete files in cache and templates_c and update module html in admin.
Michael Jackson = King Of Pop

Xoops = King Of CMS

2
bluenova
Re: Site hacked again how is this done?

I had the same problem with surpass, where files were added to my cache folder which was chmod 707. I know it's possible to run shell commands through using cron, I can only think it must be another user on the same server, cause with a xx7 setting it would be possible for anyone with access to shell (if they've paid for it) or cron (which everybody on the server can access) to edit those files. But I'll never know for sure if that's how my site was accessed, just my guess. What I've done is add an .htaccess file with a line:
php_flag engine off
to disable php in those folders and chmod it 644, so at least they can't execute php files on your site. I've done it with all my sites, and it hasn't effected the running of them.

3
JMorris
Re: Site hacked 'again' how is this done?
  • 2005/10/9 12:56

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


The index.html file is a good first step. I would also recommend experimenting with the folder permission settings. For instance, I use 755 on cache, templates_c and uploads. According to some, this won't work; however, if the server is configured correctly, there will no problems at all with it. I've been doing this for a couple months on two different hosting accounts with no problems.

You should also turn off indexing through cPanel. That way, if there is not an index.html file in a directory, Apache won't automatically generate the directory listing for that directory. Instead, it will generat a 403 error.

You may want to contact surpass and have them check their access logs as well.

Best Regards,

James
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.

4
martyboy
Re: Site hacked 'again' how is this done?
  • 2005/10/9 13:43

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Thanks, I will implement some of those ideas right away.

Thanks for your help it is much appreciated.
Michael Jackson = King Of Pop

Xoops = King Of CMS

5
davidl2
Re: Site hacked 'again' how is this done?
  • 2005/10/9 13:48

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


You've a great site there Marty.

Login

Who's Online

325 user(s) are online (239 user(s) are browsing Support Forums)


Members: 0


Guests: 325


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits