
[Solved] tmp folder now hacked 3 times. How do I protect my website?

Posted: Sun Sep 09, 2007 4:31 am
by screamingfingers
>:( Anybody know how I can protect my tmp folder? It's been hacked twice. I was using 1.0.4 and I got hacked. Now I'm using 1.1.1 and I got hacked again. CMS Made Simple does not seem to be all that secure to me.

I'm running the following:
Linux
Apache version 1.3.37 
PHP version 4.4.6
MySQL version 4.1.22-standard

My temp folder is chmod 777, so is cache and templates_c

Any help would be appreciated.

Thanks,

David

Re: tmp folder hacked twice. How do I protect my website?

Posted: Sun Sep 09, 2007 5:41 am
by Nullig
How was your tmp folder hacked and what do you mean by that?
What damage did the hacker cause?

Please explain more.

Nullig

Re: tmp folder hacked twice. How do I protect my website?

Posted: Sun Sep 09, 2007 5:51 am
by screamingfingers
Someone put some files in my tmp folder and the server admin had to take down the server and delete the tmp folder. They were somehow using the server to surf the internet, amongst other things. Below is the email I got from my server admin:

Hello David,

We faced a problem related to high outbound traffic from the server where your domain is hosted. After investigating the issue, we found some malicious files in your domain. I have attached the list of all the malicious files. All the files were in /public_html/tmp/cache/. Moreover, this folder had full access (777 permissions). Hence, with immediate effect, we had to remove this folder from your domain. I request that you kindly upgrade the version of CMS Made Simple from 1.0.5 to 1.1.1 at the earliest. Kindly update us once you have upgraded the current version.

If you have any further query or concern, feel free to contact us.

Best regards,

Kris A.
----------------------------------


Re: tmp folder hacked twice. How do I protect my website?

Posted: Sun Sep 09, 2007 7:39 am
by openmtl
screamingfingers wrote: >:( Anybody know how I can protect my tmp folder? It's been hacked twice. I was using 1.0.4 and I got hacked. Now I'm using 1.1.1 and I got hacked again. CMS Made Simple does not seem to be all that secure to me.

I'm running the following:
Linux
Apache version 1.3.37 
PHP version 4.4.6
MySQL version 4.1.22-standard

My temp folder is chmod 777, so is cache and templates_c

Any help would be appreciated.

Thanks,

David

That feels like someone got console or similar access, given nobody/nobody was chmod'd rather than using the user/group of the web server process. How good is your server? Try this: stick webadmin.php onto your server and see if you can wander up out of your web space to other parts of the server (if so, then others can too). They just used your tmp area as handy disk space rather than an exploit via CMSMS, and the fact that it's happened twice means that the original hole isn't closed and the same hacker just happens to remember your pathname (I doubt it's personal ;)

Re: tmp folder NOW hacked THREE TIMES. How do I protect my website?

Posted: Sun Sep 09, 2007 5:29 pm
by screamingfingers
It's now happened a 3rd time. I did as you said with webadmin and I don't seem to be able to change into an upper level directory. But I get an error message when I try to change directory up: Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /home/webworld/public_html/webadmin.php on line 1326


I don't know, there is a security hole somewhere here and I don't know where it is.

Re: tmp folder now hacked 3 times. How do I protect my website?

Posted: Mon Sep 10, 2007 12:31 am
by screamingfingers
When they hack my tmp folder it brings my website down and I have to reinstall everything again. Is there no one that can help me? :(

Re: tmp folder now hacked 3 times. How do I protect my website?

Posted: Mon Sep 10, 2007 7:30 am
by cyberman
Hi David,

Do you run other (unsecure) software on your web account?
Have you checked the logs for a hacker door?
Have you tried to set CHMOD 0777?

Re: tmp folder now hacked 3 times. How do I protect my website?

Posted: Mon Sep 10, 2007 7:18 pm
by screamingfingers
I think I found the answer. It appears that my project management software is to blame. I'm using Dotproject 2.0.4. Their website even says to upgrade to this version to protect from this. Every time they hack me, it brings down my website, because they are using the cmsms tmp directory to do their dirty work.

Dot Project is the backdoor to my website.

Re: tmp folder now hacked 3 times. How do I protect my website?

Posted: Tue Sep 11, 2007 6:14 pm
by screamingfingers
Do you think this reflects poor security on the server? I'm using accuhosting.com something like that.

Thanks,


david

Re: [Solved] tmp folder now hacked 3 times. How do I protect my website?

Posted: Tue Sep 11, 2007 6:30 pm
by Signex
It doesn't have to be poor security on the server. If someone hacked your Dotproject software and they had access to your public_html because of that, all they had to do was search for a folder which had a 777 permission.
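
The condition described in the last reply, turned into a check a site owner can run over their own web root. This is an added example, not part of the original thread; the function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a web root for world-writable (e.g. 777) directories and for
# script files stored under them.

# Print every directory under ROOT that has the "other write" bit set.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# Print script-like files located under world-writable directories.
# Template caches can legitimately hold generated .php files, so treat
# hits as items to review, not as proof of compromise.
list_scripts_in_writable_dirs() {
    find "$1" -type d -perm -0002 -exec sh -c '
        for d in "$@"; do
            find "$d" -type f \( -name "*.php" -o -name "*.pl" -o -name "*.cgi" \)
        done' sh {} + | sort -u
}

# Report findings; return 1 when any world-writable directory exists,
# so the function can gate a cron job or a deploy step.
audit_webroot() {
    ww_dirs=$(list_world_writable_dirs "$1")
    ww_scripts=$(list_scripts_in_writable_dirs "$1")
    [ -z "$ww_dirs" ] && return 0
    printf 'World-writable directories:\n%s\n' "$ww_dirs"
    [ -n "$ww_scripts" ] && printf 'Script files under them (review):\n%s\n' "$ww_scripts"
    return 1
}

# Constructed sample tree mirroring the layout named in the thread.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/tmp/cache" "$root/public_html/lib"
    chmod 755 "$root/public_html" "$root/public_html/lib"
    chmod 777 "$root/public_html/tmp" "$root/public_html/tmp/cache"
    : > "$root/public_html/tmp/cache/dropped.php"   # constructed file name
    : > "$root/public_html/lib/page.php"
    audit_webroot "$root/public_html"
    rc=$?
    rm -rf "$root"
    return "$rc"
}

# Run the constructed demo only when asked: sh audit.sh demo
if [ "${1:-}" = "demo" ]; then demo || true; fi
```

Running `audit_webroot` against the real `public_html` after each cleanup shows whether any 777 directories, or scripts inside them, have reappeared.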