Page 1 of 1
Security – I've been hacked [solved]
Posted: Thu Feb 14, 2008 2:03 pm
by howey
Has anybody had any problems with security. My site was hacked recently and I am trying to find out where the problem may lie. The site is hosted on a reseller account with Fasthosts. They had a security issue last year but they seem to have safe guarded against this.
The only issue I can find is that the config file defaults back to 644 and won't stay set at 444.
Any suggestions or advice would be gratefully recieved.
I have since found these notes helpful:
http://forum.cmsmadesimple.org/index.php/topic,18584.15.html
http://forum.cmsmadesimple.org/index.php/topic,19660.new.html
Re: Security – I've been hacked
Posted: Thu Feb 14, 2008 2:47 pm
by alby
howey wrote:
Any suggestions or advice would be gratefully recieved.
Not say much about your version....
If you have a CMSMS < 1.2.3 upgrade now
Alby
Re: Security – I've been hacked
Posted: Thu Feb 14, 2008 3:02 pm
by howey
Sorry I should have said which version – I think it was 1.1.2
Any further comments would be welcome, as I am running another site but that uses version 1.2.2.
Re: Security – I've been hacked
Posted: Thu Feb 14, 2008 5:02 pm
by alby
Upgrade to 1.2.3 because there are security problem
Alby
Re: Security – I've been hacked
Posted: Thu Feb 14, 2008 7:52 pm
by Pierre M.
Hello,
howey, you are shooting yourself in the foot as you are running old unsupported releases. The latest official stable release is the only usable one and fixes bugs and security issues.
Pierre M.
Re: Security – I've been hacked
Posted: Fri Feb 15, 2008 10:33 am
by howey
I shall upgrade all my CMS systems.
For information in case it is useful, I looked at the web logs and there was a lot of activity with posts to the lib directory
shows the beta.php, the first post was to the temp.php
This is the first activity
This info may be useful – I don't know.
Any advice on how to make the system more secure, in addition to the upgrade, would be welcome.
Re: Security – I've been hacked
Posted: Fri Feb 15, 2008 3:01 pm
by Pierre M.
Hello again,
howey wrote:
This info may be useful – I don't know.
Any advice on how to make the system more secure, in addition to the upgrade, would be welcome.
Yes, thank you it is useful : I can't see a valid reason to let POSTs on /lib/ado...
Hence one more idea of rule to
URL Filtering : Limit to
GET via .htaccess in /lib/ado...
Pierre M.
Re: Security – I've been hacked
Posted: Fri Feb 15, 2008 4:57 pm
by nivekiam
I don't see any files named "beta.php" or "temp.php" in my adodb_list directory. I'm running 1.2.3 and have never ran an older version so I don't know if those use to be there. If not, then I'd try to figure out how and when those files got put there and I'd also remove.
Re: Security – I've been hacked
Posted: Tue Feb 19, 2008 1:21 pm
by Pierre M.
Pierre M. wrote:
Hence one more idea of rule to
URL Filtering : Limit to
GET via .htaccess in /lib/ado...
Silly me. May be no web access at all is needed to /lib but only local "include" access, hence allow from 127.0.0.1 and deny from elsewhere.
nivekiam wrote:
I don't see any files named "beta.php" or "temp.php" in my adodb_list directory.... I'd try to figure out how and when those files got put there and I'd also remove.
Yes, and may be security require more radicalism : backup database, backup files (includes poison), wipe out all files and folders, reupload a sane official package and rerun the install wizzard without checking the box to create the database object to keep them. Then reinstall extra modules. And upgrade. And backup.
Pierre M.
Re: Security – I've been hacked [solved]
Posted: Wed Feb 20, 2008 4:39 pm
by howey