CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Security problem with 1.0.2??

https://forum.cmsmadesimple.org/viewtopic.php?t=9080

Page 1 of 1

Security problem with 1.0.2??

Posted: Wed Jan 03, 2007 1:12 pm
by thejimp
Hi, I've been repeatedly hacked and I can't figure it out. I keep having an eggdrop-based bot placed in my /tmp/cache directory. I'm running CMSMS v1.0.2 and I've got the following modules installed...

CMSMailer 1.73.10
CSSMenu 1.2.2
EllNav 0.7
FCKeditorX 1.0.3
FeedbackForm 0.9.15
MenuManager 1.2
ModuleManager 1.1.3
News 2.1
nuSOAP 1.0.1

Does anyone see anything vulnerable here? Also, is there any way I can remove write permissions on the cache directory OR use some sort of .htaccess method to limit what can happen in that directory. I've looked though my log files, but I don't see anything weird. My host wants to strangle me, please help!

thanks,
jimp

Re: Security problem with 1.0.2??

Posted: Wed Jan 03, 2007 1:19 pm
by cyberman
Have you installed other software on your host (not only CMSms)?

Re: Security problem with 1.0.2??

Posted: Wed Jan 03, 2007 1:21 pm
by thejimp
cyberman wrote: Have you installed other software on your host (not only CMSms)?
Nada. Just CMSMS.

Re: Security problem with 1.0.2??

Posted: Thu Jan 04, 2007 8:49 am
by cyberman
Hmm, what permission do you have set for this folder?

Normally only your webserver need access to cache folder ... I'm not a server guru but think you should make httpd as the one and only owner of this folder.

Re: Security problem with 1.0.2??

Posted: Thu Jan 04, 2007 10:55 am
by Ted
Can you get webserver logs around the time the file was placed?  It's the only way we'll really be able to track down what it is.

Re: Security problem with 1.0.2??

Posted: Thu Jan 04, 2007 1:36 pm
by thejimp
I'm having a bit of trouble getting the server logs for the time of the attack--I have access to the recent log, but I don't think it goes back far enough because there's nothing weird there. For the time being, I've made the cache NOT writable and hacked index.php so it doesn't throw errors because of this.

Obviously, this isn't an ideal solution, but it keeps things safe for the time being. As far as I can tell, the cache dir HAS to be 777 right? Is there a way to limit the file type or file size that can be written to that directory? Can I do that with htaccess?

I'll let you know if I get the logs.

thanks,
jimp

Re: Security problem with 1.0.2??

Posted: Thu Jan 04, 2007 2:21 pm
by Dee
thejimp wrote: As far as I can tell, the cache dir HAS to be 777 right?
It doesn't have to be, like cyberman suggested only the webserver needs write access to the folder (and its contents).
I usually change ownership and don't set any permissions (chmod 0744), by doing a chown -R apache tmp/templates_c tmp/cache

Regards,
D
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited