1
ladysham
My own dedicated server - all Xoops sites were compromised
  • 2008/7/22 3:02

  • ladysham

  • Quite a regular

  • Posts: 274

  • Since: 2003/11/11


I am feverishly trying to find out where this jerk deposited all his files. They all appear to be through any directory that has permissions of 777.

If any of the XOOPS programmers would like to see these php files, please PM me and I will be glad to show you what was done.

Most sites are current versions of Xoops, a number of them run protector, and still they were compromised. Thirteen in total.

I am going to try adding the .htaccess file recommended in another post - make sure everything is current and protector is current.

This person's actions brought down two sites today which I was able to restore. However, since the PHP programs he uploaded were encrypted, I don't know what they have been doing all day.

I just found these an hour ago when I was checking out a XOOPS site and then updated the theme.

Ugh!! Any other suggestions would help. The earliest version on one of these sites is 2.0.16 and that one has protector installed too.

Thanks!
Kelly Ling
Shamrock's Web Design
http://www.shamrocksweb.com

If you're coming to see my house - give me two weeks. If you're coming to see ME - come any time!

2
jdseymour
Re: My own dedicated server - all Xoops sites were compromised

Just a suggestion since it is on a private server. Make all files and folders in the web directory owned by the user the server runs as, for instance "chown -R apache:apache /your/web/dir". Once you have this you can use chmod 775 permissions instead of chmod 777 permissions. The latter is world writable, meaning anyone can write to the folders; 775 only allows the user and group owning the folder to write to it (in this case the server). Much more secure.
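
An audit of a web root for the condition discussed in the first two posts, as an added example that is not part of the original thread: it lists world-writable directories, shows the PHP files sitting in them for review, and drops the world-write bit (777 becomes 775). The function names and the `/your/web/dir` argument are illustrative; the `chown` step from the post needs root and is not performed here.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Directories under $1 with the "others" write bit set (e.g. mode 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# PHP files located directly inside world-writable directories.
# Upload/cache directories normally hold no PHP, so each hit needs review.
php_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f -name '*.php' -print
    done
}

# PHP files modified within the last $2 days, to help build a timeline.
recent_php() {
    find "$1" -type f -name '*.php' -mtime -"$2" -print
}

# Remove only the world-write bit from directories (777 -> 775);
# owner and group permissions are left untouched.
remove_world_write() {
    find "$1" -type d -perm -0002 -exec chmod o-w {} +
}

# Report-only mode when called with a path: sh audit.sh /your/web/dir
if [ -n "${1:-}" ]; then
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "PHP files inside them (review each one):"
    php_in_writable_dirs "$1"
    echo "PHP files changed in the last 7 days:"
    recent_php "$1" 7
fi
```

Run the report first and keep copies of anything suspicious before changing permissions, since the file timestamps and ownership are evidence of when and how the files arrived.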

3
ladysham
Re: My own dedicated server - all Xoops sites were compromised
  • 2008/7/22 4:08



Will this work? Even though the server is dedicated, I host client sites - not just my own.
Kelly Ling
Shamrock's Web Design
http://www.shamrocksweb.com

If you're coming to see my house - give me two weeks. If you're coming to see ME - come any time!

4
jdseymour
Re: My own dedicated server - all Xoops sites were compromised

Yes, the only reason 777 is needed is if the server is misconfigured, and unfortunately quite a few are. But yes, it will work and should not cause problems for your clients.

5
einherjer
Re: My own dedicated server - all Xoops sites were compromised
  • 2008/7/23 10:45

  • einherjer

  • Just popping in

  • Posts: 30

  • Since: 2002/11/8


Each client's site should run with its own user and php.ini.
So you will never need 777 and a script of a user cannot write to another client's space.

Have a look at suPHP or suexec. Suhosin may give you additional security. If you are running Apache, see mod_security2 also.
