
Help! My site has been hacked and is sending all kinds of spyware and viruses!
  Requested and Answered by Herko on 2005/10/17 19:38:19
First of all, count to 10 to calm down. It may not be as serious as it looks right now, but we need to look carefully at what is causing this.

We have had some occasions where a website was sending all kinds of viruses, spyware, malware and adware along with the XOOPS pages. If you can still access your website (despite all the warnings etc.), your site may not be *hacked* as such, but more like *hijacked*. What does this mean?

Many shared hosting providers do not run each account under a separate Apache instance. Instead they use the default 'apache' user and group created on initial install, with a vhost for each website on that server. Apache runs under these special credentials for all of those websites.
So wherever your application needs "write access", you have to give this "apache" user write access (which generally means making the folder world-writable). Giving only the owner write access would mean nothing to the "apache" user, and PHP wouldn't be able to write anything.
Now, what happens is that all the websites on the same shared server run under this "apache" user. So wherever you give write access to apache, you're giving write access to EVERY malicious user sharing the same server.

And this is what happened. Users on the same server (not just anyone) misused your folder to spread their malicious code.

Now, how to solve this:
Fire up your FTP client, log in to your server and remove all the files from the templates_c/ folder.
Note: this will stop the current attack, but it will not prevent it from occurring again.
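
Added example, not part of the original FAQ or of XOOPS: shell functions that list what under a web root any account on the server can write to, and which files in those directories are newer than a reference file you trust. It assumes shell access to the host; the function names and the reference-file idea are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not XOOPS code). Audits a web root on a shared host for the
# condition described above: paths that any local account can write to.

# Directories under $1 with the "other" write bit set (e.g. mode 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Regular files under $1 that any local account can overwrite in place.
world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# Files in or below world-writable directories that are newer than the
# reference file $2 (for example a file you know dates from your last clean
# upload). These are the ones to inspect before clearing the directory.
new_files_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -type f -newer "$2" -print
    done | sort -u   # nested writable directories would otherwise repeat files
}

# Full report. $1 = web root, $2 = optional reference file.
audit() {
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "World-writable files:"
    world_writable_files "$1"
    if [ -n "${2:-}" ]; then
        echo "Files newer than $2 in world-writable directories:"
        new_files_in_writable_dirs "$1" "$2"
    fi
}
```

Source the file and call `audit` with the path to your XOOPS root and, optionally, a reference file. On the server setup described here, templates_c/ is expected to show up in the first list.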

Now, is this a XOOPS problem or not? I say no, because:
1) Smarty REQUIRES the ability to write some files, so this can't be changed.
2) Even if we could change this, it would not change much: these server configurations are EXTREMELY unsafe.

The solution to this is to have each site run under a different apache user, using suexec. The problem is that all the "safe" solutions are less scalable, and are not that popular, especially with shared hosting servers. So, you will have to contact your hosting provider and have them look into this problem.

EDIT: Carnuke~ please update your site to 2.0.13.2 ASAP


user

 System security update


Please update your XOOPS version to 2.0.13.2 ASAP.
