11
DonXoop
Re: EMERGENCY: security hole of Agenda-X

If you are disabling for now then yes, renaming or better yet moving the module directory should prevent attacks. The attack happens if certain files like addevent.inc.php are called in the URL.

The MySQL is safe (unless you have other problems.....).

SUGGESTION: check your logs for direct calls to the files listed above. At least know if someone tried.

12
djsckizo
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 5:13

  • djsckizo

  • Just can't stay away

  • Posts: 401

  • Since: 2003/5/9 8


Quote:

Chainsaw wrote:
I don't want to lose my data (sigh I can't think of re-entering all the calendar entries again!).


If I were you, I'd back up the database file for the agenda x module and then just go ahead and delete it. When it is safe to use it again, you can always dump the data back in again.

13
Chainsaw
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 5:20

  • Chainsaw

  • Quite a regular

  • Posts: 304

  • Since: 2003/9/28


*mumble*grumble*

Yeah I guess I have to. I'm about to launch my church website at tomorrow's Sunday service....

This couldn't have come at a worse time.

BTW - what exactly can this security hole do? Can the hacker destroy all the files on the site?

14
Anonymous
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 5:30

  • Anonymous

  • Posts: 0

  • Since:


Quote:
This is my favorite response lol. I too am about to dump it from one of my sites.


I renamed the file directory and submitted an announcement to my users begging for their inconvenience. At this point, maybe it'd be just better for someone to fork this mod.

15
DonXoop
Re: EMERGENCY: security hole of Agenda-X

That would be the safest thing to do. Depends on how much you know your server.

Looking at the logs (you should look at yours too) I can see they try to run commands, upload code to get a shell, just about anything.

Some things I see:
. "uname -a" to get the kernel version.
. "ls /tmp" "ls c:/" etc to browse around.
. "wget ...." to upload exploits and scripts.

So they might just browse around for kicks or delete everything you have. Whatever they want.

I think they depend on the rights of the web-server user. Secure your server. That was too close for comfort this time.
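
The log check suggested in this thread (direct calls to include files such as addevent.inc.php, plus the command strings DonXoop lists), as an added example that is not part of the original posts. It assumes Apache common/combined log format and include files named `*.inc.php` under `/modules/<name>/`; the sample log lines, addresses and the query parameter `q` are constructed.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumption: Apache/NCSA common or combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: include files are named *.inc.php and live under /modules/<name>/.
INCLUDE_RE = re.compile(r'/modules/[^/]+/(?:.*/)?[^/]+\.inc\.php$', re.I)
# Command strings reported in the thread, matched in the decoded query string.
COMMAND_RE = re.compile(r'\b(uname\s+-a|ls\s+(?:/tmp|c:/)|wget\s)', re.I)

def scan(lines):
    """Return one finding per direct request to a module include file."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path, _, query = m["target"].partition("?")
        if not INCLUDE_RE.search(unquote(path)):
            continue  # normal page request, not an include file
        decoded = unquote_plus(unquote_plus(query))  # second pass handles double encoding
        commands = [" ".join(c.lower().split()) for c in COMMAND_RE.findall(decoded)]
        findings.append({
            "line": lineno,
            "ip": m["ip"],
            "time": m["ts"],
            "path": path,
            # 200 means the include file was served; 404 is what a renamed
            # or moved module directory should produce.
            "served": m["status"] == "200",
            "commands": commands,
        })
    return findings

# Constructed sample input (documentation address ranges, made-up parameter).
SAMPLE = [
    '203.0.113.7 - - [14/Feb/2004:04:58:11 +0000] "GET /modules/agenda-x/addevent.inc.php?q=uname%20-a HTTP/1.0" 200 512',
    '203.0.113.7 - - [14/Feb/2004:04:58:40 +0000] "GET /modules/agenda-x/addevent.inc.php?q=ls%20/tmp HTTP/1.0" 200 734',
    '198.51.100.4 - - [14/Feb/2004:05:02:03 +0000] "GET /modules/agenda-x/index.php HTTP/1.1" 200 9120',
    '203.0.113.7 - - [14/Feb/2004:06:10:00 +0000] "GET /modules/agenda-x/addevent.inc.php HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with `served` set to true and a non-empty `commands` list are the ones to follow up first with the file-integrity check described later in the thread.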

16
sum
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 6:23

  • sum

  • Just popping in

  • Posts: 10

  • Since: 2002/11/12


It is insufficient only in them.

Because even if they are effective for the cracking in the FUTURE,
they are invalid to the cracking that has ALREADY been done.

The cracker can NEWWRITE/REWRITE the file by using this hole
within the scope of authority of the PHP script.
There is a possibility that the BACK-DOOR has already been made somewhere.
You should confirm no falsification of the file that has been installed
by making good use of the file attribute (timestamp might be camouflaged)
and the diff-tool etc.

17
djsckizo
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 9:30

  • djsckizo

  • Just can't stay away

  • Posts: 401

  • Since: 2003/5/9 8


Have you tried any of the other calendar modules? If you use newbb or any of the other forum modules you could always make a forum specifically for the calendar events to be posted in until this gets fixed.

18
djsckizo
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 9:31

  • djsckizo

  • Just can't stay away

  • Posts: 401

  • Since: 2003/5/9 8


Well, lucky for me the site mine came from isn't active yet. It was but I shut it down to rebuild it from the ground up. I was actually about to close it down for good but I decided to give it a third (yes third) chance.

19
Chainsaw
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 9:37

  • Chainsaw

  • Quite a regular

  • Posts: 304

  • Since: 2003/9/28


Well I've deleted my Agenda-X module

I had a quick look around and tried piCal 0.6

It installed without any incident and with the latest addition of Categories it is a perfect calendar for me. (Thanks GIJOE)

20
tonycam
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 10:49

  • tonycam

  • Just popping in

  • Posts: 3

  • Since: 2004/1/30


Does anyone have a link to the discovery of this new vulnerability?
