Re: stopping hackers [2.3.x Support] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

stopping hackers

2009/4/22 11:50
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

OK I just cleaned all of the i frame index injections off my server and changed all my passwords how do I keep the hackers from injecting my index pages again? How did they do it? any help?
It is a php hack

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

2

Re: stopping hackers

2009/4/22 12:38
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

Keep your PC clean of virus, trojan, etc. Use trustable ftp programs.

LatinoPoemas

3

Re: stopping hackers

2009/4/22 13:10
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Check your Apache logs for suspect access patterns in order to identify a security weakness of a module. Look also in the Protector logs. Follow the trails by IP number, date and time and browser signature. Loading the logs in a spreadsheet gives you the ability to easy sort on this.

But as I said before the modified index hacking is in general a server access security breach (on your local PC (where you do the admin of the site)) by malware or a server wide breach due to eg older server software) and not likely a XOOPS problem.

The art of asking questions.

4

Re: stopping hackers

2009/4/22 19:54
MikeShane
Community Support Member
Posts: 144
Since: 2008/1/5 2

I'm afraid it is a XOOPS problem.
The attacks using this i frame injection is on Xoops, joomala, word press and other php driven sites. This means that there is something using php that the weakness is at. Thats why I'm looking for information on how they did it. One of the things id did was diable my protector so it was not accesable. I had a week old back up replacing the infected sites. The attack was only on two 2.3b XOOPS sites and one joomala site on same server. Nothing on html sites or an older XOOPS site that has not been updated yet.

Musicians for musicians entertaining the world, what starts as a dream can live in reality!

5

Re: stopping hackers

2009/4/22 23:41
Runeher
Module Developer
Posts: 825
Since: 2008/1/24

Did you do any work on the sites lately, perhaps with some free or "free" software? There can be lots of "extra features" with ie. torrent downloads...

Danordesign - Get XOOPS Modules!
XOOPS Nordic

6

Re: stopping hackers

2009/4/23 1:19
jdseymour
Friend of XOOPS
Posts: 3782
Since: 2004/11/11

Quote:

MikeShane wrote:
I'm afraid it is a XOOPS problem.
The attacks using this i frame injection is on Xoops, joomala, word press and other php driven sites. This means that there is something using php that the weakness is at. Thats why I'm looking for information on how they did it. One of the things id did was diable my protector so it was not accesable. I had a week old back up replacing the infected sites. The attack was only on two 2.3b XOOPS sites and one joomala site on same server. Nothing on html sites or an older XOOPS site that has not been updated yet.

It is the server that handles (interprets) php.

3 things to look at.

1. What user does the (apache) server run as?
2. What user owns the files on the server?
3. What are the file/folder permissions?

Answers should look like this:

1. server runs as a non privileged user (usually as apache).
2. Files and folders should be owned by the non privileged user the server is running as (in the above case apache).
3. Files should be 644 or -rw-r--r-- folders should be 755 drwxr-xr-x .

Proactive Support for Sites and Servers

WebServerMasters.com | XOOPS Tutorials

7

Re: stopping hackers

2009/4/24 7:19
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Quote:

I'm afraid it is a XOOPS problem.

As also a Joomla site is affected, the problem is not specific XOOPS, but that the hacker is targetting php files.

The art of asking questions.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

178 user(s) are online (123 user(s) are browsing Support Forums)

Members: 0

Guests: 178

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}