XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / Please Help, My Xoops site keeps getting hacked
Register
1
carrierlp
Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 3:16

  • carrierlp

  • Just popping in

  • Posts: 11

  • Since: 2007/5/14


hi, I have the latest version of XOOPS running on my site, and it keeps getting hacked by hackers everyday...

any solutions?
2
carrierlp
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 3:19

  • carrierlp

  • Just popping in

  • Posts: 11

  • Since: 2007/5/14


My host says that they are somehow uploading a script (possibly thru the avatar) even though I turned it off?

somehow the scripts are being ran thru my dedicated server in the /var/tmp and /tmp dir's

the hackers keep creating files called AohK
anyone familar with this?
3
irmtfan
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 3:28

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


Installing "Protector" can help you to secure all uploaded files.
but it more seems a bad configuration in the server.
if as you wrote this is your dedicate server, you should see apache logs.
4
carrierlp
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 3:35

  • carrierlp

  • Just popping in

  • Posts: 11

  • Since: 2007/5/14


where can I get protector? on this site?
5
BlueStocking
Re: Please Help, My Xoops site keeps getting hacked

carrierlp,
RE:"where can I get protector? on this site?"

https://xoops.org/modules/repository/viewcat.php?list=P

BS
https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG
6
raggarsvin
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 8:53

  • raggarsvin

  • Just popping in

  • Posts: 13

  • Since: 2007/8/8 9


On a XOOPS site i took over administration of i found a disabled module called cjaycontent in wich some scriptciddies was able to upload files to the server even it was disabled. had to delete the modulefolder

The file they uploaded to /tmp edited and added a ifame on every html and php file that had chmdod 777 or was owned by nobody on the whole server so yea, that wasted some time for us. think it was maybe 30 sites affected that time

So if you have cjaycontent or other module with uploading stuff, try if you can reach the uploading files without being logged in.
7
carrierlp
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 9:20

  • carrierlp

  • Just popping in

  • Posts: 11

  • Since: 2007/5/14


thats EXACTLY what happen to my site and my server.

I removed all the files I can, I just hope that they dont come back or have some files that were not found.

Anyways, im having a hard time installing that protector module. The instructions are the greatest.
8
joninzar
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 10:01

  • joninzar

  • Just popping in

  • Posts: 12

  • Since: 2006/11/7


Hi, alls.

Quote:
try if you can reach the uploading files without being logged in


Excuse me if it's a stupid question, but, How I do for "trying" this?

Thank's
9
McDonald
Re: Please Help, My Xoops site keeps getting hacked

  • 2008/1/10 10:41

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


See here for the Protector Manual.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

181 user(s) are online (109 user(s) are browsing Support Forums)

Members: 0

Guests: 181

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits