1
1000ac
Is Xoops safe?
  • 2006/4/27 17:23

  • 1000ac

  • Just popping in

  • Posts: 74

  • Since: 2005/9/14


One of my websites has been hacked this week. The hacker didn't come from the XOOPS section of the site but from a different script.
Since then my webhost deleted all the content and don't allow me to have any folder with permissions set to 777 saying it's not safe.
Knowing that XOOPS needs some folders CHMODED to 777 (templates_c, cache, uploads) in order to work does it mean it is not safe?
The hacker installed a script in a folder with permissions set to 777 from an external source.

2
Genbushi
Re: Is Xoops safe?
  • 2006/4/27 17:56

  • Genbushi

  • Just popping in

  • Posts: 8

  • Since: 2005/4/24


Without logs, etc. it's difficult to isolate with any certainty. However, based on what you're saying it sounds more like a breach on the hosts part than a direct XOOPS exploit.

Any other info?

3
frankblack
Re: Is Xoops safe?
  • 2006/4/27 17:59

  • frankblack

  • Just can't stay away

  • Posts: 830

  • Since: 2005/6/13


This host of yours seems to be pretty unfair! The hosts I know issued a security advice about the dangerous script, but they never deleted content!!

XOOPS is quite safe among the scripts I know, but no script of such a size is 100% safe.

To add additional! security to your XOOPS I recommend XOOPS Protector from gijoe. And I recommend to change the hoster.

4
AndyM
Re: Is Xoops safe?
  • 2006/4/27 18:11

  • AndyM

  • Quite a regular

  • Posts: 296

  • Since: 2003/8/31


I'd say that was a bit of a knee-jerk reaction.

As a hoster myself, I have had to deal with insecure scripts causing a site or two getting "hacked", and in the worst case, the site was temporarily disabled while the hole was plugged.

Personally, I'd not delete content, at least without some sort of warning. If it was the script itself, then it would have been disabled, rather than deleted.

But yes, using any script(s) in any language always runs a risk when compared to a static site.

5
1000ac
Re: Is Xoops safe?
  • 2006/4/27 18:28

  • 1000ac

  • Just popping in

  • Posts: 74

  • Since: 2005/9/14


They asked my permission before to delete all the content but as it was the only condition to have my account reopened I had no other choice than saying yes.
I don't have much infos about the hackers actions other than what he did is to upload some files allowing him to send hundreds of emails from the server with the intention to steal people's banking informations.

6
Will_H
Re: Is Xoops safe?
  • 2006/4/27 18:33

  • Will_H

  • Friend of XOOPS

  • Posts: 1786

  • Since: 2004/10/10


ouch blacklisted.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

59 user(s) are online (39 user(s) are browsing Support Forums)


Members: 0


Guests: 59


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits