Re: Is Xoops safe? [Q and A] - XOOPS Web Application System

1

Is Xoops safe?

2006/4/27 17:23
1000ac
Just popping in
Posts: 74
Since: 2005/9/14

One of my websites has been hacked this week. The hacker didn't come from the XOOPS section of the site but from a different script.
Since then my webhost deleted all the content and don't allow me to have any folder with permissions set to 777 saying it's not safe.
Knowing that XOOPS needs some folders CHMODED to 777 (templates_c, cache, uploads) in order to work does it mean it is not safe?
The hacker installed a script in a folder with permissions set to 777 from an external source.

2

Re: Is Xoops safe?

2006/4/27 17:56
Genbushi
Just popping in
Posts: 8
Since: 2005/4/24

Without logs, etc. it's difficult to isolate with any certainty. However, based on what you're saying it sounds more like a breach on the hosts part than a direct XOOPS exploit.

Any other info?

3

Re: Is Xoops safe?

2006/4/27 17:59
frankblack
Just can't stay away
Posts: 830
Since: 2005/6/13

This host of yours seems to be pretty unfair! The hosts I know issued a security advice about the dangerous script, but they never deleted content!!

XOOPS is quite safe among the scripts I know, but no script of such a size is 100% safe.

To add additional! security to your XOOPS I recommend XOOPS Protector from gijoe. And I recommend to change the hoster.

4

Re: Is Xoops safe?

2006/4/27 18:11
AndyM
Quite a regular
Posts: 296
Since: 2003/8/31

I'd say that was a bit of a knee-jerk reaction.

As a hoster myself, I have had to deal with insecure scripts causing a site or two getting "hacked", and in the worst case, the site was temporarily disabled while the hole was plugged.

Personally, I'd not delete content, at least without some sort of warning. If it was the script itself, then it would have been disabled, rather than deleted.

But yes, using any script(s) in any language always runs a risk when compared to a static site.

[size=x-small]Articles, AM Events and my other modules.
The Muggles Guide
PC From Scratch[/size]

5

Re: Is Xoops safe?

2006/4/27 18:28
1000ac
Just popping in
Posts: 74
Since: 2005/9/14

They asked my permission before to delete all the content but as it was the only condition to have my account reopened I had no other choice than saying yes.
I don't have much infos about the hackers actions other than what he did is to upload some files allowing him to send hundreds of emails from the server with the intention to steal people's banking informations.

6

Re: Is Xoops safe?

2006/4/27 18:33
Will_H
Friend of XOOPS
Posts: 1786
Since: 2004/10/10

ouch blacklisted.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Is Xoops safe?

Re: Is Xoops safe?

Re: Is Xoops safe?

Re: Is Xoops safe?

Re: Is Xoops safe?

Re: Is Xoops safe?

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}