11
Catzwolf
Re: Xoops Hacked
  • 2007/7/4 8:32

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Nice to see you back around here again Brash :)

12
tonycharman
Re: Xoops Hacked

Hi my XOOPS version is: 2.0.16

Apache/1.3.33 (Unix)
PHP/4.4.7

Deleting the files within cache and template_c folders worked. I had to set up the XOOPS Protector Module Trust Path again in mainfile.php - but once that was done I was able to get back into admin. I have overwritten the hacked pda.php file. I am about to change the admin password.

I have looked at the protector module and it makes the following suggestions (PLEASE ADMIN DELETE THE FOLLOWING IF YOU THINK IT CONSTITUTES AN OPEN INVITATION)

'register_globals' on   Not secure
    This setting invites a variety of injecting attacks
.
    If 
you can put .htaccessedit or create...

    /
homepages/8/d162068134/htdocs/the-weald/cms/.htaccess

    php_flag   register_globals   off 

'allow_url_fopen' on   Not secure
    This setting allows attackers to execute arbitrary scripts on remote servers
.
    
Only administrator can change this option.
    If 
you are an adminedit php.ini or httpd.conf.
    
Sample of httpd.conf:
      
php_admin_flag   allow_url_fopen   off
    
Else, claim it to your administrators.

'session.use_trans_sid' off   ok

'XOOPS_DB_PREFIX' XOOPS   Not secure
    This setting invites 
'SQL Injections'.
    
Don't forget turning 'Force sanitizing *' on in this module's preferences.
  
Go to prefix manager

'mainfile.php' missing precheck   Not secure
    You should edit your mainfile
.php like written in README.


I am using 1&1 shared hosting and don't think I can create/edit the .htaccess file, but have written to them explaining that my site was compromised and asking their assistance with editing these files.

Many thanks for the input, now back to it's earlier state, but I want to lock it down tighter now.

13
tonycharman
Re: Xoops Hacked

duplicate

Login

Who's Online

578 user(s) are online (72 user(s) are browsing Support Forums)


Members: 0


Guests: 578


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits