My site xoops attacked [Quality Assurance] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

My site xoops attacked

2012/10/25 6:41
timgno
Module Developer
Posts: 1504
Since: 2007/6/21

Between yesterday and tonight my site TXMod Xoops was attacked some of the contents are gone, the homepage has to know the contents, protectore no longer works comes out blank page in administration, it works only English even though I set the Italian language preferences.

Between the tabs can be seen that smarty does not receive good variables, while having checked that the files have all variables right.

I think this could have happened because of my decision to stop recording the new site mobile.txmodxoops.org after continuous recordings of users with typed names at random on the computer keyboard type: wetrygfdssdfggfdws@gfdssdfggfdsdg.com

Yesterday in fact I have eliminated all about a twenty

If you restore an old backup, I lose all the content that I have added so far.

I think you need to review a little bit about security in xoops.

2

Re: My site xoops attacked

2012/10/25 14:19
Dante7237
Friend of XOOPS
Posts: 294
Since: 2008/5/28

The trouble most likely isn't with XOOPS but with your php.ini settings and .htaccess setup.

I've had some of the best take a run at my site and they all go away shaking their heads.

Send me your php.ini via the feedback on my site and I'll be happy to scan it for obvious exploitable settings.

3

Re: My site xoops attacked

2012/10/25 14:35
timgno
Module Developer
Posts: 1504
Since: 2007/6/21

My host is with others, so I can not change it.

They are the administrators of the host that can do changes.

4

Re: My site xoops attacked

2012/10/25 15:59
Mamba
Moderator
Posts: 11409
Since: 2004/4/23

Without looking into Apache logs, you don't know how they've got access to your website.

There tens of ways to hack into a server via Apache, or via another user's Website, since you're on a shared server. So as long as they don't do a "forensic" analysis of what happen and how the hacker got access, it's not correct to blame XOOPS or anybody else.

Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

5

Re: My site xoops attacked

2012/10/25 16:22
timgno
Module Developer
Posts: 1504
Since: 2007/6/21

Quote:

Mamba wrote:
..., it's not correct to blame XOOPS or anybody else.

No Michael...!

I was not blaming XOOPS, but I was trying to say that for shared hosting (even professional) we need should find a solution to prevent internal attacks also

Viva XOOPS

6

Re: My site xoops attacked

2012/10/25 16:38
Mamba
Moderator
Posts: 11409
Since: 2004/4/23

Quote:

we need should find a solution to prevent internal attacks also

It's not possible.

If have hacked Apache and have access to the server and all files and the database as Admin, how could I protect anything? I can just go and change the password in the DB, add/delete files, etc.

The only thing that we can do is to make sure that the hacker will not get access to the server through XOOPS, or to XOOPS itself.

So as I said - the key is to do "forensic analysis" by looking at logs and see what was changed, when, and by whom, to find out how they've got access. Without it, it's like walking in total darkness! How could we fix anything, if we don't know what caused that?

Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

7

Re: My site xoops attacked

2012/10/25 16:43
timgno
Module Developer
Posts: 1504
Since: 2007/6/21

It' has happened before, but administrators say that for them it's ok

8

Re: My site xoops attacked

2012/10/25 18:16
redheadedrod
Home away from home
Posts: 1296
Since: 2008/2/26

Sounds like your only options are to move your site to a place you can secure or to make often backups of your site that you can restore on a moments notice and be reasonably up to date.

9

Re: My site xoops attacked

2012/10/25 22:52
Anonymous
Posts: 0
Since:

As Mamba said before, without research and looking at logfiles it can be anything. So making assumptions about hacking, wrong .htaccess or lack of good backups are too early, given the little information timgno gave us.

For instance, did you already check if your hoster made any changes on the server? Like updating apache, php or sql.

10

Re: My site xoops attacked

2012/10/26 7:04
timgno
Module Developer
Posts: 1504
Since: 2007/6/21

Quote:

flipse wrote:
...
For instance, did you already check if your hoster made any changes on the server? Like updating apache, php or sql.

He's right flipse, I asked the server administrator and now everything works ok.

I think they did not warn me about updates.

Usually always do.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

11/18 11:08 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/18 11:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/16 12:32 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 18:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:33 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:29 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 4:39 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:50 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:31 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 1:48 Mamba

Who's Online

344 user(s) are online (198 user(s) are browsing Support Forums)

Members: 0

Guests: 344

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}