1
Aianda
vulnerability discovered after site hack
  • 2006/12/10 16:35

  • Aianda

  • Just popping in

  • Posts: 71

  • Since: 2004/2/12


Hi, my site LaunchpadIsrael.com was recently hacked and the index.php file was replaced. This is what the system admin had to say:

I found a file in your w2/images/ folder called tmp1.php. This file appears to have been uploaded via the vulnerability mentioned below. I could not verify if this version had a backport security fix for the issue, but the XML-RPC issue is actually quite common amongst CMSs before a certain date.

Also, you may want to check the galleries and make sure that only authorized users can upload files. A trick that is commonly used is to upload a file which is actually a PHP script, but with GIF headers or as a RAR file. The server will still execute the file if the extension does not match.

--
http://secunia.com/advisories/16339/

"Some vulnerabilities have been reported in XOOPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerabilities are caused due to vulnerable versions of PHPMailer and XML-RPC being used."

---

Is xoopsgallery known to be vulnerable to malicious uploads?

https://xoops.org/modules/repository/singlefile.php?cid=36&lid=1272

Although my site has users, it is browse only.

Any tips or feedback?
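The sysadmin's note above describes two things a defender can look for in a gallery upload folder: stray script files (like the tmp1.php found in w2/images/) and image files that carry PHP code behind a valid GIF or JPEG header. The triage scanner below is an added example, not code from the thread or from XOOPS; the sample files it writes to a temporary directory are constructed to mirror the incident, and the extension and magic-byte lists are assumptions you should adapt to what your gallery actually accepts.

```python
import os
import re
import tempfile

# Constructed samples modelling an images/ upload folder after the incident:
# two legitimate images, a stray .php file, and a GIF/PHP polyglot.
SAMPLE_FILES = {
    "photo1.gif": b"GIF89a" + bytes(32),
    "photo2.jpg": b"\xff\xd8\xff\xe0" + bytes(32),
    "tmp1.php": b"<?php /* constructed placeholder, not the real webshell */ ?>",
    "banner.gif": b"GIF89a" + bytes(8) + b"<?php /* constructed */ ?>",
}

# Extensions a PHP server may execute (assumed list; check your handler config).
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Expected leading bytes per image extension the gallery is assumed to accept.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Only the long open tag and the echo tag; a bare "<?" would flag "<?xml".
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def classify(name, data):
    """Return a finding label for one upload, or None if it looks clean."""
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return "script-in-upload-dir"
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "unexpected-extension"
    if not data.startswith(magics):
        return "magic-mismatch"          # extension says image, bytes do not
    if PHP_TAG.search(data):
        return "polyglot-php-in-image"   # valid image header hiding PHP code
    return None

def scan_directory(path):
    """Walk an upload directory and map relative path -> finding label."""
    findings = {}
    for root, _dirs, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            with open(full, "rb") as fh:
                verdict = classify(fname, fh.read())
            if verdict:
                findings[os.path.relpath(full, path)] = verdict
    return findings

def demo():
    """Write the constructed samples to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLE_FILES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:24} {path}")
```

Any hit is a reason to pull the file and check web-server access logs for requests to it; the scan finds what is already there, while the fix the later replies give (upgrading XOOPS) closes the way it got there.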

2
JCDunnart
Re: vulnerability discovered after site hack
  • 2006/12/10 16:49

  • JCDunnart

  • Not too shy to talk

  • Posts: 114

  • Since: 2006/7/1 5


Use the latest XOOPS releases - this old vulnerability was fixed last year, as it also states in the secunia report.

3
Aianda
Re: vulnerability discovered after site hack
  • 2006/12/10 16:51

  • Aianda

  • Just popping in

  • Posts: 71

  • Since: 2004/2/12


I am using 2.0.13.2 because it's meant to be more secure, are you saying it's not?

4
JCDunnart
Re: vulnerability discovered after site hack
  • 2006/12/10 17:00

  • JCDunnart

  • Not too shy to talk

  • Posts: 114

  • Since: 2006/7/1 5


The latest release of 2.0 is 2.0.16. That will contain the latest security fixes, as well as a number of bug fixes and some nice new features too.

How did you think an earlier release was more secure? From a local support site, from the forums here...? < confused me >

5
Aianda
Re: vulnerability discovered after site hack
  • 2006/12/10 17:10

  • Aianda

  • Just popping in

  • Posts: 71

  • Since: 2004/2/12


Can't remember. Must have read it here. Just remember making the choice based on security :( ??

Thanks anyway JCDunnart.
