1
otisredding
Anyone been hacked like this?
  • 2007/1/9 18:25

  • otisredding

  • Just popping in

  • Posts: 7

  • Since: 2005/8/25


A couple days ago, someone hacked my XOOPS site by uploading files to the cache directory. It was a fake bank site scam. Anyone had this happen before? Any chance they could have done this via XOOPS itself and not ftp?

xoops 2.0.13.1
modules:
- wfsection
- agendax
- wiwimod
- myMedia
- CBB

Thanks,
Carmine

2
frankblack
Re: Anyone been hacked like this?
  • 2007/1/9 18:29

  • frankblack

  • Just can't stay away

  • Posts: 830

  • Since: 2005/6/13


Your XOOPS itself and some of the modules you use are a bit older.

Maybe you should upgrade your XOOPS and if available your modules. A few security fixes were released since 2.0.13.1

3
coopersita
Re: Anyone been hacked like this?

That happened to me once. I don't know if it was XOOPS or ftp, but I think ftp.

I just changed the chache and template_c permissions to 755. Once in a while I change them back to 777, and let them rebuild for about a day.

Is your host surpasshosting, by any chance?

4
otisredding
Re: Anyone been hacked like this?
  • 2007/1/9 18:45

  • otisredding

  • Just popping in

  • Posts: 7

  • Since: 2005/8/25


Nah, I'm not surpass.

So if I change the perms to 755 it won't affect XOOPS at all? Why the need to "let them rebuild" for a day or so once in a while?

Also, this wouldn't protect the uploads directory, as that _must_ be 777, no?

Sorry about all the questions!

Carmine

5
vaughan
Re: Anyone been hacked like this?
  • 2007/1/9 21:46

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


i dunno how your server is setup, but on my test site (which is surpass) if i use php 4 (default) on their servers then i can set permissions to 755 for all folders and XOOPS works perfectly including writing to those folders.

it all depends on how the server admin has configured php and suexec.

in essence 777 should not be needed on a properly configured PHPsuexec server.

6
coopersita
Re: Anyone been hacked like this?

templates_c needs to be writable by XOOPS (so pages can be cached there). In some servers it can be 755, others has to be 777.

You can try 755, and if it works, then you're set. If you needed the 777, then you have to let the system rebuild the templates once in a while (so you don't get blank pages, or outdated content).

I had that problem with surpass about a year or more ago. Maybe they fixed it, because I hadn't had to let the templates rebuild for a long time (I used to get emails from users about blank pages).

That has been my experience...

7
otisredding
Re: Anyone been hacked like this?
  • 2007/1/18 15:39

  • otisredding

  • Just popping in

  • Posts: 7

  • Since: 2005/8/25


Just in case anyone is following this thread (or searches for it later on), turns out it wasn't hacked via xoops, but via one of my own php pages that foolishly did an "include" of whatever was passed in through a GET variable. Zoinks!

Thanks for all the replies.

Login

Who's Online

258 user(s) are online (184 user(s) are browsing Support Forums)


Members: 0


Guests: 258


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits