11
Marco
Re: Open holes and hacked
  • 2007/6/2 11:46

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


Quote:

Does anyone know of security issues with the other modules?

yep, read this article, that lists them
marco
Do synergy or die.

12
skenow
Re: Open holes and hacked
  • 2007/6/2 12:08

  • skenow

  • Home away from home

  • Posts: 993

  • Since: 2004/11/17


Quote:

dizzymarkus wrote:
The web server logs are a nightmare :0( I go into my control panel and dload the raw access logs -- unRAR them and they unzip as a msdos application (looks like an exe icon but properities says "msdos application". Hosting says right click and choose notepad or wordpad -- no "open with" option for this when right clicking on the file. I am unsure what to do here with trying to view them.

Markus


In Windows, SHIFT-right click will sometimes give you the Open with... option. When other programs modified the context menu, it seems to interfere with this. The other option is to start your text editor then open the file from within the editor.

13
BroHam
Re: Open holes and hacked
  • 2007/6/2 13:09

  • BroHam

  • Just popping in

  • Posts: 100

  • Since: 2007/3/31


Quote:
...no "open with" option for this when right clicking on the file.

Quote:
The other option is to start your text editor then open the file from within the editor.


You can actually just drag and drop the file into your open text editor to view the contents.
I don't know.

14
dyoungers
Re: Open holes and hacked
  • 2007/6/2 14:59

  • dyoungers

  • Just popping in

  • Posts: 1

  • Since: 2005/2/5 1


timely thread ... I've been hacked twice in the last two weeks as well (after years of running xoops)

Found this thread after figuring out from the server logs that in the most recent attack that they had used the spaw editor embedded in xt_conteudo to insert a new home page.

I've deleted the spaw editor but have left xt_conteudo installed with no wysiwyg editing since I have a fair amount of content under it ... anyone know whether there are any other holes in it? (I have protector installed as well)

also with regard to phpsuexec ... I have also chmod 755 on all the folders that were previously writable and the site seems to be working so that suggestion appears to be a good idea as well :)

Thanks for all the tips!

Dave

15
wtravel
Re: Open holes and hacked

Quote:
I've deleted the spaw editor but have left xt_conteudo installed with no wysiwyg editing since I have a fair amount of content under it ... anyone know whether there are any other holes in it? (I have protector installed as well)


You can safely use the content module, which works quite similar to xt_conteudo. As far as I know there is even an upgrade script from xt_conteudo within the content module.

16
Peekay
Re: Open holes and hacked
  • 2007/6/2 15:30

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:
Does anyone know of security issues with the other modules?

I removed Even News from my sites. Caused a major spam problem. Doesn't necessarily mean it's a security risk though.

I think SmartFactory have an alternative newsletter subscription module.
A thread is for life. Not just for Christmas.

17
xgarb
Re: Open holes and hacked
  • 2007/6/3 18:15

  • xgarb

  • Not too shy to talk

  • Posts: 154

  • Since: 2003/3/30


Quote:

wtravel wrote:
It could be useful to add a .htaccess file in the uploads folder that makes sure only .jpg .gif and .zip files are accessible from the web. .


Stick this in your .htaccess file in any upload directory..

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi 
Options 
-ExecCGI


from.. http://www.askapache.com/htaccess/security-with-apache-htaccess.html#show-source-code

18
BroHam
Re: Open holes and hacked
  • 2007/6/3 20:46

  • BroHam

  • Just popping in

  • Posts: 100

  • Since: 2007/3/31


What does that do, xgarb or anyone else?

Placing the .htaccess with that in it, in the uploads folder, does what?
Quote:
This is cool, you are basically categorizing all files that end in certain extensions so that they fall under the jurisdiction of the -ExecCGI command, which also means -FollowSymLinks. And the opposite is also true, +ExecCGI also turns on +FollowSymLinks

What does this mean? Can someone rephrase this in simpler terms? Thanks.
I don't know.

19
xgarb
Re: Open holes and hacked
  • 2007/6/4 7:41

  • xgarb

  • Not too shy to talk

  • Posts: 154

  • Since: 2003/3/30


stops any executable files (the ones listed) by assigning them to CGI and then stopping CGI from working...

sort of anyway!

It works for me when tested.

20
Guitariste
Re: Open holes and hacked
  • 2007/6/4 10:39

  • Guitariste

  • Just popping in

  • Posts: 4

  • Since: 2005/9/5 1


Quote:

xgarb wrote:

Stick this in your .htaccess file in any upload directory..

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi 
Options 
-ExecCGI



if i did it in the XOOPS path /www where i have xoops's files, it will be correct ?

and for more protection u can see This Pages


CIA

Login

Who's Online

318 user(s) are online (219 user(s) are browsing Support Forums)


Members: 0


Guests: 318


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits