Re: XoopsGallery Easly Hacked [Module reviews] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

XoopsGallery Easly Hacked

2008/1/9 22:24
Northern
Just can't stay away
Posts: 420
Since: 2004/12/26

I just got done removing 8 phishing site out of a single xoopsgallery folder, these little sites are like ticks.
all over the place in oddball places and not all of them seemed what they were.

I went to www.xoopsgallery.org but they seen to be closed or down at this time, as it was yesterday. and the day prior.

I would advise you to check your xoopsgallery module, look throught all folders and look for a all CAPS ( all upper case LETTERED ) folder, that would be the easiest way to find them.

This would be a wise thing to do sence ive just finished with the 4th xoopsgallery with this problem in under 2 weeks. none of the saiute are on the same servers or hosts, the version of XOOPS gallery was 3.3.3.7, 3.3.3.9, and 2.1

Flag it, bug it, report it, what ever you like, but its come apparent that theres a problem.

Marc.

2

Re: XoopsGallery Easly Hacked

2008/1/9 22:57
BlueStocking
Home away from home
Posts: 1191
Since: 2007/2/16

TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.

Thanks,

QUESTION:http://www.dhps.ylc.edu.tw/~demo/x96/modules/fileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS

https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

3

Re: XoopsGallery Easly Hacked

2008/1/10 0:34
Northern
Just can't stay away
Posts: 420
Since: 2004/12/26

Quote:

BlueStocking wrote:
TO:
QuarantinedModules

@Irmtfan, D. J.
I have NOT removed it from the SourceForge list. That is for your determination. Please let me know what you do.

From the looks of things in xoopsinfo< click the link. the Xoopsgallery has fallen into disrepair and is nologer.
its now a orphin. along with the websites .org,.com

I tried to contact Glen via email but i get my message back in under 2 sec. lol.

Quote:

QUESTION:http://www.dhps.ylc.edu.tw/~demo/x96/modules/fileup/view_file.php?fsn=3 should be warned. I do not speak the language. (Chinese)

Is this the same module that Northern just reported on?

BS

from the looks of the download file ( Xoopsgallery-1_3_3_7.zip ) its the same module.

Update:
most common ways for a phishing site to access your site is.
1. search box
2. javascript-from faulty html
3. faulty html

now if you noticed, all version of xoopsgallery have there own search box in the index page. Ive just removed the search form in the templates, and cmod ( 444 ) the search.php file. the hide the search opp in the xoops_version.php.

this is not a fix, but to help elemanate the problem, ive still got alot of source checking to do.

4

Re: XoopsGallery Easly Hacked

2008/1/10 13:45
EastEnd99
Just popping in
Posts: 1
Since: 2005/9/4 1

This is a (sanitized) messages log from my webserver:


Jan  6 18:06:47 httpd: PHP Warning:  main(): URL file-access is disabled in the server configuration in /..../modules/xoopsgallery/init_basic.php on line 83

Jan  6 18:06:47 httpd: PHP Warning:  main(http://kamekfm.org/test.txt???platform/fs_unix.php): failed to open stream: no suitable wrapper could be found in ../modules/xoopsgallery/init_basic.php on line 83

Jan  6 18:06:47 httpd: PHP Fatal error:  main(): Failed opening required 'http://kamekfm.org/test.txt???platform/fs_unix.php' (include_path='.:/usr/share/pear-addons:/usr/share/pear') in ../modules/xoopsgallery/init_basic.php on line 83

Line 83 of init_basic.php shows the $GALLERY_BASEDIR variable is replaced by an external URL at runtime. These external references vary each time. My knowledge of PHP is limited: I cannot figure out which code is responsible for the value of this variable at runtime. I am stuck.

Am I looking at the same hack situation?
If it is: The hack does not seem to have any consequences: I can not find strange files inside the xoopsgallery directory structure. May be turning off URL file-access in the servers PHP configuration disables the hack. Other posiblity may be the hack check in each php file should be extended (it validates empty $GALLERY_BASEDIR variables) to make sure it is pointing to the local XOOPS installation.

If I can be of any help, please let me know.

EE99

5

Re: XoopsGallery Easly Hacked

2008/1/11 23:55
deano42
Just popping in
Posts: 13
Since: 2006/4/26

I've had the same issue this week, does anyone know where you can get the latest version of XOOPS Gallery now that the site is down? I have some repairing to do...

Thanks

Dean

6

Re: XoopsGallery Easly Hacked

2008/1/12 6:27
script_fu
Friend of XOOPS
Posts: 1494
Since: 2002/12/27

The best solution is not to use the module at all.

Try one that a dev still supports...

example

http://www.zoullou.net/

7

Re: XoopsGallery Easly Hacked

2008/1/12 6:46
MadFish
Friend of XOOPS
Posts: 1056
Since: 2003/9/27

XoopsGallery was well maintained for years, it is a shame it if it is not maintained anymore.

This kind of thing is why XOOPS needs to designate some 'core modules', that will give users (especially business) some assurance of ongoing support.

https://xoops.org

8

Re: XoopsGallery Easly Hacked

2008/1/12 15:01
bubuche93
Just popping in
Posts: 25
Since: 2006/11/19

is XOOPS gallery the same as xcgallery?

9

Re: XoopsGallery Easly Hacked

2008/1/12 21:07
pjeutr
Just popping in
Posts: 2
Since: 2005/11/8

Try adding the following at the top of init_basic.php
Seems to work for me, dunno why it should be possible that the base base can be a url.

// Hack prevention.
if (!empty($_REQUEST["GALLERY_BASEDIR"])) {
error_log("Security violation\n" .$_REQUEST["GALLERY_BASEDIR"]);
exit;
}

10

Re: XoopsGallery Easly Hacked

2008/1/12 21:15
BlueStocking
Home away from home
Posts: 1191
Since: 2007/2/16

SEE News report

http://codex.gallery2.org/Main_Page

http://codex.gallery2.org/Gallery2

ownload#Packages

http://codex.gallery2.org/Integration
SEE: [XOOPS Download CMS/Portal alpha G2.0(.x) greyhair]

Maybe the link above will help. I am not a module developer so I would not know for certain but it appears XOOPSGallery 2 was designed on this platform, so maybe you or someone will re-xoopsify it.

Sidenote: Beautiful Wiki support.

https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

129 user(s) are online (78 user(s) are browsing Support Forums)

Members: 0

Guests: 129

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}