1
ttremeth
getting hacked every day
  • 2007/5/18 23:24

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


Yeah, almost daily my XOOPS kids site gets hacked by some Russion or turkish outfit, well according to their lovely pictures.

I am at a loss to stop it. They seem to get the ftp password, upload a new index.php and xmlrpc.php.

Any suggestions or help. I would need specific help if possible as i am nopt a developer or designer so it would have to be step by step, preemie.info is the site so any one who would not mind could jump it and help me out.

2
irmtfan
Re: getting hacked every day
  • 2007/5/18 23:51

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


You should care about your site and modules if it is important for you.
for example installing "Protector" module as a highly recommended one is mentioned in many topics and also official XOOPS readme.

also reading this faq is very useful:
https://xoops.org/modules/smartfaq/faq.php?faqid=621

3
ttremeth
Re: getting hacked every day
  • 2007/5/19 1:18

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


ver 2.2
system 2.13
news 1.42
xoops gallery 1.34
links 1.1
faq 1.1
contact us 1
guest book 1.1
smart partner 1.2
headlines 1
extended profiles .1
wf-section 1.01
wf-links 1.03
protector 2.52

4
ttremeth
Re: getting hacked every day
  • 2007/5/19 1:53

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


Quote:

davidl2 wrote:
And which version of XOOPS itself?


2.2 however i found out after complaining omn a hackers site that it was weakeness in system 2.13 Any idea what? that is all i know

5
ttremeth
Re: getting hacked every day
  • 2007/5/19 2:14

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


any ideas how to fix system 2.13?

6
trspice
Re: getting hacked every day
  • 2007/5/19 4:12

  • trspice

  • Not too shy to talk

  • Posts: 193

  • Since: 2007/3/24


Daily hacks is a good reason to change hosting service. I had a similar problem before (wasn't using XOOPS or any CMS) then after searching the web for complaints on the host I found that many other people had the problems and moved away.
There's nothing but science....
The Reggae Album

7
ttremeth
Re: getting hacked every day
  • 2007/5/19 6:07

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


Followed protector step by step however the module never appears in the list to install and the admin page loses its format until i delete protector from the modules dir

Also wf-sections 1.02 download gives a 404 error

here is my config, a made a XOOPS_TRUST_PATH folder in my directory ie /myfolder above public html

// $Id: mainfile.dist.php,v 1.5 2003/02/12 11:36:33 okazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <https://xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //

if ( !defined("XOOPS_MAINFILE_INCLUDED") ) {
define("XOOPS_MAINFILE_INCLUDED",1);

// XOOPS Physical Path
// Physical path to your main XOOPS directory WITHOUT trailing slash
define('XOOPS_ROOT_PATH', '/home/myfolder/public_html/cms');
define('XOOPS_TRUST_PATH', '/home/myfolder/XOOPS_TRUST_PATH');

etc etc

8
ttremeth
Re: getting hacked every day
  • 2007/5/19 10:48

  • ttremeth

  • Just popping in

  • Posts: 25

  • Since: 2003/5/29


suggestions?

9
McDonald
Re: getting hacked every day
  • 2007/5/19 11:10

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


The XOOPS Trust Path should be defined as follows:

define('XOOPS_TRUST_PATH''/home/myfolder');

10
trspice
Re: getting hacked every day
  • 2007/5/19 18:37

  • trspice

  • Not too shy to talk

  • Posts: 193

  • Since: 2007/3/24


Do you have the Frameworks folder in your XOOPS root? That may be the reason you modules list disappear with Protector folder installed. You can find the frameworks download at http://dev.xoops.org/modules/xfmod/project/showfiles.php?group_id=1357&release_id=1174#selected
There's nothing but science....
The Reggae Album

Login

Who's Online

343 user(s) are online (281 user(s) are browsing Support Forums)


Members: 0


Guests: 343


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits