For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Anybody know how I can protect my tmp folder? It's been hacked twice. I was using 1.0.4 and I got hacked. Now I'm using 1.1.1 and I got hacked again. CMSMade Simple does not seem to be all that secure to me.
I'm running the following:
Linux
Apache version 1.3.37
PHP version 4.4.6
MySQL version 4.1.22-standard
My temp folder is chmod 777, so is cache and templates_c
Any help would be appreciated.
Thanks,
David
Last edited by screamingfingers on Tue Sep 11, 2007 6:14 pm, edited 1 time in total.
Someone put some files in my tmp folder and the server admin had to take down the server and delete tmp folder. They were somehow using the server to surf the internet, amonst other things. Below is the email I got from my server admin:
Hello David,
We had faced the problem related to high outbound traffic from the server where your domain is hosted. After investigating the issue, we had found some malicious files in your domain. I have attached the list of all the malicious files. All the files were in /public_html/tmp/cache/. Moreover, this folder had full access (777 permissions). Hence, an immediate effect, we had to remove this folder from your domain. I request you kindly upgrade the version of CMS Made Simple from 1.0.5 to 1.1.1 at the earliest. Kindly update us once you upgrade the current version.
If you have any further query or concern, feel free to contact us.
Best regards,
Kris A.
----------------------------------
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Last edited by Rolf on Fri Sep 21, 2012 1:03 pm, edited 1 time in total.
Reason:removed list of hack files
screamingfingers wrote:
Anybody know how I can protect my tmp folder? It's been hacked twice. I was using 1.0.4 and I got hacked. Now I'm using 1.1.1 and I got hacked again. CMSMade Simple does not seem to be all that secure to me.
I'm running the following:
Linux
Apache version 1.3.37
PHP version 4.4.6
MySQL version 4.1.22-standard
My temp folder is chmod 777, so is cache and templates_c
Any help would be appreciated.
Thanks,
David
That feels like someone got console or similar access given nobody/nobody was chmod'd rather than using the user/group of the web server process. How good is your server ? - Try this...stick webadmin.php onto your server and see if you can wander up out of your web space to other parts of the server - if so then others can too). They just used your tmp area as handy disk space rather than an exploit via CMSMS and the fact that it's happened twice means that the original hole isn't closed and the same hacker just happens to remember your pathname (I doubt it's personal
It's now happened a 3rd time. I did as you said with webadmin and I don't seem to be able to change into an upper level directory. But I get an error message when I do try to go to change directory up. Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /home/webworld/public_html/webadmin.php on line 1326
I don't know, there is a security hole somwhere here and I don't know where it is.
I think I found the answer. It appears that my project management software is to blame. I'm using Dotproject 2.0.4. Thier website even says to upgrade to this version to protect from this. Everytime they hack me, it brings down my website, because they are using the cmsms tmp directory to do thier dirty work.
it doesnt has to be poor security on the server, if someone hacked your Dotproject software and they had access to your public_html because of that, all they had to do was search for a folder which had a 777 permission.
Anybody know how I can protect my tmp folder? It's been hacked twice. I was using 1.0.4 and I got hacked. Now I'm using 1.1.1 and I got hacked again. CMSMade Simple does not seem to be all that secure to me.
