1
xsell
Hacking Attempt
  • 2008/10/16 7:28

  • xsell

  • Quite a regular

  • Posts: 245

  • Since: 2008/9/2 1


Hello

My protector Cought Someone try's to upload A php file.

My question how did this Guy even tried .. i dont have any uploading Module , i disabled every option that allows uploading files .

Xoops 2.3.1
protector 3.20
system
tinyd
x_movie

.. the x_movie uploading Option disabled for every one , only for the webmaster enabled ..

so where he might found way to try uploading ..

i need to delete every file that allows upload files ..
any advise ...


2
Anonymous
Re: Hacking Attempt
  • 2008/10/16 7:46

  • Anonymous

  • Posts: 0

  • Since:


Quote:
xsell wrote:

My protector Cought Someone try's to upload A php file.


Firstly, that's the good news.

When you say "upload a php file" do you have a clue as to which module was used (if any)?

What does Protector's "Protect Centre" say?

You need to look at your server logs for the time in question and go from there. Where was it being uploaded to (which folder)?

Also, looking at the list of modules you have, it might be that its a server security issue rather than a XOOPS module issue.

3
xsell
Re: Hacking Attempt
  • 2008/10/16 19:08

  • xsell

  • Quite a regular

  • Posts: 245

  • Since: 2008/9/2 1


Thx ..

the Logs Not much of help . and protector just gives the file name but not where .

its Ok , i deleted every single files in my site says Upload.php or uploader.php .. i well put them back when i need them .. that safer for me

4
ghia
Re: Hacking Attempt
  • 2008/10/16 23:03

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
the Logs Not much of help . and protector just gives the file name but not where .
You have to match the dates in both. Then in the Apache log you can do further lookup and follow the trail by IP number and/or browser signature.
Quote:
i deleted every single files in my site says Upload.php or uploader.php
That's very radical, but mosttimes other ways are used to compromise the server.

5
xsell
Re: Hacking Attempt
  • 2008/10/17 16:56

  • xsell

  • Quite a regular

  • Posts: 245

  • Since: 2008/9/2 1


Safe better than sorry

6
Anonymous
Re: Hacking Attempt
  • 2008/10/17 18:45

  • Anonymous

  • Posts: 0

  • Since:


Quote:
xsell wrote:

Safe better than sorry


I'm with Ghia - sounds a bit hasty to me

Protector caught the attempted upload and it may have been a one-off.

But it's your site so who are we to comment

Login

Who's Online

351 user(s) are online (266 user(s) are browsing Support Forums)


Members: 0


Guests: 351


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits