1
timgno
My site xoops attacked
  • 2012/10/25 6:41

  • timgno

  • Module Developer

  • Posts: 1504

  • Since: 2007/6/21


Between yesterday and tonight my site TXMod Xoops was attacked some of the contents are gone, the homepage has to know the contents, protectore no longer works comes out blank page in administration, it works only English even though I set the Italian language preferences.

Between the tabs can be seen that smarty does not receive good variables, while having checked that the files have all variables right.

I think this could have happened because of my decision to stop recording the new site mobile.txmodxoops.org after continuous recordings of users with typed names at random on the computer keyboard type: wetrygfdssdfggfdws@gfdssdfggfdsdg.com

Yesterday in fact I have eliminated all about a twenty

If you restore an old backup, I lose all the content that I have added so far.

I think you need to review a little bit about security in xoops.

2
Dante7237
Re: My site xoops attacked
  • 2012/10/25 14:19

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


The trouble most likely isn't with XOOPS but with your php.ini settings and .htaccess setup.

I've had some of the best take a run at my site and they all go away shaking their heads.

Send me your php.ini via the feedback on my site and I'll be happy to scan it for obvious exploitable settings.

3
timgno
Re: My site xoops attacked
  • 2012/10/25 14:35

  • timgno

  • Module Developer

  • Posts: 1504

  • Since: 2007/6/21


My host is with others, so I can not change it.

They are the administrators of the host that can do changes.

4
Mamba
Re: My site xoops attacked
  • 2012/10/25 15:59

  • Mamba

  • Moderator

  • Posts: 11245

  • Since: 2004/4/23


Without looking into Apache logs, you don't know how they've got access to your website.

There tens of ways to hack into a server via Apache, or via another user's Website, since you're on a shared server. So as long as they don't do a "forensic" analysis of what happen and how the hacker got access, it's not correct to blame XOOPS or anybody else.
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

5
timgno
Re: My site xoops attacked
  • 2012/10/25 16:22

  • timgno

  • Module Developer

  • Posts: 1504

  • Since: 2007/6/21


Quote:

Mamba wrote:
..., it's not correct to blame XOOPS or anybody else.


No Michael...!

I was not blaming XOOPS, but I was trying to say that for shared hosting (even professional) we need should find a solution to prevent internal attacks also

Viva XOOPS

6
Mamba
Re: My site xoops attacked
  • 2012/10/25 16:38

  • Mamba

  • Moderator

  • Posts: 11245

  • Since: 2004/4/23


Quote:
we need should find a solution to prevent internal attacks also

It's not possible.

If have hacked Apache and have access to the server and all files and the database as Admin, how could I protect anything? I can just go and change the password in the DB, add/delete files, etc.

The only thing that we can do is to make sure that the hacker will not get access to the server through XOOPS, or to XOOPS itself.

So as I said - the key is to do "forensic analysis" by looking at logs and see what was changed, when, and by whom, to find out how they've got access. Without it, it's like walking in total darkness! How could we fix anything, if we don't know what caused that?
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

7
timgno
Re: My site xoops attacked
  • 2012/10/25 16:43

  • timgno

  • Module Developer

  • Posts: 1504

  • Since: 2007/6/21


It' has happened before, but administrators say that for them it's ok

8
redheadedrod
Re: My site xoops attacked

Sounds like your only options are to move your site to a place you can secure or to make often backups of your site that you can restore on a moments notice and be reasonably up to date.

9
Anonymous
Re: My site xoops attacked
  • 2012/10/25 22:52

  • Anonymous

  • Posts: 0

  • Since:


As Mamba said before, without research and looking at logfiles it can be anything. So making assumptions about hacking, wrong .htaccess or lack of good backups are too early, given the little information timgno gave us.

For instance, did you already check if your hoster made any changes on the server? Like updating apache, php or sql.

10
timgno
Re: My site xoops attacked
  • 2012/10/26 7:04

  • timgno

  • Module Developer

  • Posts: 1504

  • Since: 2007/6/21


Quote:

flipse wrote:
...
For instance, did you already check if your hoster made any changes on the server? Like updating apache, php or sql.


He's right flipse, I asked the server administrator and now everything works ok.

I think they did not warn me about updates.

Usually always do.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

66 user(s) are online (46 user(s) are browsing Support Forums)


Members: 0


Guests: 66


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits