Ravens PHP Scripts: Forums
 

 

duck
Involved
Joined: Jul 03, 2006
Posts: 273

Posted: Wed Sep 26, 2007 2:55 pm

I would like to inform the community that I discovered a vulnerability in the Hall of Shame Module (HoS) I wrote.

It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account so I did some searching and found out there were files uploaded to the HoS punkss and punkdemo folders where files uploaded by admins are stored.

It seems they were using my server as a mail and chat relay. I am still looking into the matter to figure out how they got in and how to make sure it doesn't happen again, but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.

The first step is to check for any subfolders under punkss and punkdemos and delete ANY and ALL subfolders you find. The subfolders I found were named _vti_bin and ... and .a

After that, create an htaccess file with the following lines in it and put it in those folders.

<Limit GET POST>
order deny,allow
deny from all
</Limit>

This should protect you till I can create an update with security fixes.

Lastly, check to make sure you have no cron jobs scheduled which you did not create.

Also, as an extra measure, if you did have these subfolders existing I would recommend all admins change their passwords and also your hosting company passwords. (I don't believe my passwords were compromised as I would have found additional traces of files elsewhere, but I like to err on the side of caution during these times.)

Sorry I don't have an update yet but I just found out about this in this past hour and want to inform everyone right away. I will do my best to come up with an update by this weekend sometime.

Thank You,

Duck
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Thu Sep 27, 2007 6:01 am

Thanks Duck!

duck







Posted: Thu Sep 27, 2007 10:13 am

You're welcome!

BTW, I am asking that anyone who discovers they have been compromised please contact me so it can help me determine how they got in. My log files are out of date and of no use, so if you have been compromised please check the date of files modified (before you delete them) and, if you don't mind, please send me your log files corresponding to those dates and/or any other info you think might be pertinent or useful.

Thanks all!
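
Added example (not part of the original posts and not the HoS module's own code): a read-only Python audit of one upload folder that lists every subfolder, records the modification time of each file inside them for log correlation before anything is deleted, and checks whether the deny rule from the first post is in place. The folder path passed in, the sample tree and the file name relay.pl are constructed assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

def htaccess_denies_all(folder):
    """True if folder/.htaccess exists and contains a 'deny from all' line."""
    try:
        with open(os.path.join(folder, ".htaccess"), errors="replace") as fh:
            return any(line.strip().lower() == "deny from all" for line in fh)
    except OSError:
        return False

def audit_upload_dir(folder):
    """List every subfolder of an upload folder (the post expects none) and
    each file below it with its UTC modification time, for log correlation."""
    report = {"htaccess_ok": htaccess_denies_all(folder), "subfolders": [], "files": []}
    for entry in os.scandir(folder):  # scandir also returns dot-names such as "..." and ".a"
        if not entry.is_dir(follow_symlinks=False):
            continue
        report["subfolders"].append(entry.name)
        for root, _dirs, names in os.walk(entry.path):  # os.walk does not follow symlinks
            for name in names:
                full = os.path.join(root, name)
                mtime = datetime.fromtimestamp(os.lstat(full).st_mtime, timezone.utc)
                report["files"].append((os.path.relpath(full, folder), mtime.isoformat()))
    report["subfolders"].sort()
    report["files"].sort()
    return report

def audit_constructed_sample():
    """Build a constructed tree in a temp dir and audit it before and after adding the rule."""
    with tempfile.TemporaryDirectory() as base:
        uploads = os.path.join(base, "punkss")
        for sub in ("_vti_bin", "...", ".a"):  # subfolder names reported in the post
            os.makedirs(os.path.join(uploads, sub))
        open(os.path.join(uploads, "shot1.jpg"), "w").close()  # a normal admin upload
        planted = os.path.join(uploads, ".a", "relay.pl")  # hypothetical planted file
        open(planted, "w").close()
        os.utime(planted, (1000000000, 1000000000))  # fixed, constructed mtime
        before = audit_upload_dir(uploads)
        with open(os.path.join(uploads, ".htaccess"), "w") as fh:
            fh.write("<Limit GET POST>\norder deny,allow\ndeny from all\n</Limit>\n")
        after = audit_upload_dir(uploads)
        return before, after

if __name__ == "__main__":
    before, after = audit_constructed_sample()
    print(before)
    print("htaccess_ok after adding the rule:", after["htaccess_ok"])
```

The dot-prefixed names are the reason to enumerate with a tool that does not hide them: a plain directory listing skips both "..." and ".a".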
 
All times are GMT - 6 Hours
 