XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / Spam and/or Hack Attempt
Register
1
Cuidiu
Spam and/or Hack Attempt

  • 2008/2/5 18:07

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Hi All,

My logs show someone is messing with my XOOPS 2.2.4 site. Why would someone do this:
domain.com/userinfo.php?uid=http://trashyspamsite.com/pictureofme?

Is there a way to spam a XOOPS site doing the above or does this apply to some other CMS with a vulnerability?

TIA,

Cuidiu
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]
2
blueteen
Re: Spam and/or Hack Attempt

  • 2008/2/5 18:55

  • blueteen

  • Quite a regular

  • Posts: 379

  • Since: 2004/7/16


Often, a picture called like this (remote url), is a malicious code in reality. (on windows system, try to download this picture, then edit with a text editor).
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some logs samples and few words.
3
Cuidiu
Re: Spam and/or Hack Attempt

  • 2008/2/5 20:35

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thanks for that info. I guess I still am not clear. Is this something XOOPS is vulnerable to?

Quote:

blueteen wrote:
Often, a picture called like this (remote url), is a malicious code in reality. (on windows system, try to download this picture, then edit with a text editor).
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some logs samples and few words.
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

326 user(s) are online (258 user(s) are browsing Support Forums)

Members: 0

Guests: 326

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits