Author |
Message |
CurtisH
Life Cycles Becoming CPU Cycles

Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI
|
Posted:
Wed Oct 13, 2004 2:59 pm |
|
Today I received a hack attempt. Sentinel did not catch it, however admin secure did. It was attempted against the coppermine module by adding a variable.
The details of the hack attempt actually directed me right to a Brazilian-based web site. There is a file currently sitting on that server that looks very much like a sneak in, exploit and grab all script.
Could one of the site admins here please message me on Yahoo as I would like some clarification as to the best way to pass this info on to authorities and also discuss why Sentinel didn't catch this hack attempt and what measures I should take to shore this up better against this type of exploit. I didn't want to disclose the details in an open forum. |
_________________ Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe |
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Wed Oct 13, 2004 4:31 pm |
|
NukeSentinel has not been designed to protect/patch 3rd party software. We have tried to protect admin.php and XSS and some other more common types of attacks that core nuke is exploitable by/to. CM in particular is prone to too many holes. It is the responsibility of the users to stay up-2-date with 3rd party patches. Just as Chatserv patches core nuke, we protect core nuke. Now, having said that, if you would like to PM or email me the hack attempt, I will be happy to look at it to see if it's a core nuke issue. If so, we will look at including it. |
|
|
|
 |
CurtisH

|
Posted:
Wed Oct 13, 2004 4:50 pm |
|
I did not realize that. I am glad to be more aware. Thank you. When reading your reply I sensed that I may have offended you, if that be the case please accept my apology. My questioning was not an attack on Sentinel, I in fact love the program. *LOL* I had the impression that it detected/guarded against most hack attempts to any and all modules.
I will email you the details. |
|
|
|
 |
Raven

|
Posted:
Wed Oct 13, 2004 5:31 pm |
|
I didn't mean to come across with any tone other than my frustration with CM. I have been battling with my data center host about CM for a while and yesterday an eggdrop was deposited to one of my clients because he had an insecure copy. So, CM was removed and other clients will be faced with it too. It's just plain buggy. |
|
|
|
 |
CurtisH

|
Posted:
Wed Oct 13, 2004 5:34 pm |
|
I hate to hear that because Menalto just will not run on my host due to the way that they have it configured. What can I do? Any suggestions? My members are used to having their own albums on my site... |
|
|
|
 |
Raven

|
Posted:
Wed Oct 13, 2004 5:35 pm |
|
I just looked at that and I know NukeSentinel stops that code. What are your settings for Filters? Is it activated and set to ban? |
|
|
|
 |
Raven

|
Posted:
Wed Oct 13, 2004 5:37 pm |
|
And also, my guess would be that maybe admin secure grabbed it before it filtered to NukeSentinel. |
|
|
|
 |
Raven

|
Posted:
Wed Oct 13, 2004 5:38 pm |
|
CurtisHancock wrote: | I hate to hear that because Menalto just will not run on my host due to the way that they have it configured. What can I do? Any suggestions? My members are used to having their own albums on my site... | Gallery? I don't know as I don't use them. |
|
|
|
 |
CurtisH

|
Posted:
Wed Oct 13, 2004 5:39 pm |
|
Mine is set to email, block and default page, write to htaccess, full IP and Permanent block. All of the Blocker settings are configured in this manner. I do have HTTP Auth Enabled as well.
Regarding the CM issue, I have 1.3.0; is this version safe enough to run or should I disable it?
Thanks Raven |
|
|
|
 |
Raven

|
Posted:
Wed Oct 13, 2004 5:41 pm |
|
I don't know because I don't use it. You probably need to check at their site. |
|
|
|
 |
CurtisH

|
Posted:
Wed Oct 13, 2004 5:44 pm |
|
Ok, thought it had closed. Sorry.  |
|
|
|
 |
djmaze
Subject Matter Expert

Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
Posted:
Fri Oct 15, 2004 9:52 am |
|
Coppermine 1.2.x has an exploit in the themes (thanks to me)
If you run coppermine 1.3 with old themes then you are still vulnerable
Easy fix: place a .htaccess in the modules/coppermine directory containing
Or remove the offending themes |
|
|
|
 |
|