Hi, I've been repeatedly hacked and I can't figure it out. I keep having an eggdrop-based bot placed in my /tmp/cache directory. I'm running CMSMS v1.0.2 and I've got the following modules installed...
CMSMailer 1.73.10
CSSMenu 1.2.2
EllNav 0.7
FCKeditorX 1.0.3
FeedbackForm 0.9.15
MenuManager 1.2
ModuleManager 1.1.3
News 2.1
nuSOAP 1.0.1
Does anyone see anything vulnerable here? Also, is there any way I can remove write permissions on the cache directory OR use some sort of .htaccess method to limit what can happen in that directory. I've looked though my log files, but I don't see anything weird. My host wants to strangle me, please help!
thanks,
jimp
Security problem with 1.0.2??
-
cyberman
Re: Security problem with 1.0.2??
Have you installed other software on your host (not only CMSms)?
-
thejimp
Re: Security problem with 1.0.2??
Nada. Just CMSMS.cyberman wrote: Have you installed other software on your host (not only CMSms)?
-
cyberman
Re: Security problem with 1.0.2??
Hmm, what permission do you have set for this folder?
Normally only your webserver need access to cache folder ... I'm not a server guru but think you should make httpd as the one and only owner of this folder.
Normally only your webserver need access to cache folder ... I'm not a server guru but think you should make httpd as the one and only owner of this folder.
Re: Security problem with 1.0.2??
Can you get webserver logs around the time the file was placed? It's the only way we'll really be able to track down what it is.
-
thejimp
Re: Security problem with 1.0.2??
I'm having a bit of trouble getting the server logs for the time of the attack--I have access to the recent log, but I don't think it goes back far enough because there's nothing weird there. For the time being, I've made the cache NOT writable and hacked index.php so it doesn't throw errors because of this.
Obviously, this isn't an ideal solution, but it keeps things safe for the time being. As far as I can tell, the cache dir HAS to be 777 right? Is there a way to limit the file type or file size that can be written to that directory? Can I do that with htaccess?
I'll let you know if I get the logs.
thanks,
jimp
Obviously, this isn't an ideal solution, but it keeps things safe for the time being. As far as I can tell, the cache dir HAS to be 777 right? Is there a way to limit the file type or file size that can be written to that directory? Can I do that with htaccess?
I'll let you know if I get the logs.
thanks,
jimp
Re: Security problem with 1.0.2??
It doesn't have to be, like cyberman suggested only the webserver needs write access to the folder (and its contents).thejimp wrote: As far as I can tell, the cache dir HAS to be 777 right?
I usually change ownership and don't set any permissions (chmod 0744), by doing a chown -R apache tmp/templates_c tmp/cache
Regards,
D
