Clan Adverts

Sponsors

CT on Facebook

Latest Product

Battlefield 3 Stats Module
Battlefield 3 Stats Module

User Box

Anonymous
38.107.179.220
Nickname:

Password:

Security Code
Security Code
Type Security Code


PND Downloads Feed

Phpnuke Downloads
How to Delete or Reset yo...
How to Delete or Reset your PHPNuke Admin Account
Lost your admin password ?  Cant login to your admin account ?This sh...
Back Online & Stuff
Back Online & Stuff
Look at us with our nifty website back up and running… Seriousl...
How to edit the admins in...
How to edit the admins in the forums
Here is a way to make someone admin in your forums on your Evo site. I...
Demo Splash Screen
Demo Splash Screen
Ped @ Clan Themes has released a simple splash screen entrance hack. ...
Free Phpnuke Business The...
Free Phpnuke Business Theme 6
This is the 6th Business theme for Phpnuke that Clan Themes has releas...
Tricked Out Slider
Tricked Out Slider
We have seen some great new things come out of Tricked Out News and th...

Custom Work

PHP Nuke Custom Work

www.clanthemes.com :: View topic - **IMPORTANT** Hall of Shame Module Vulnerability Found
**IMPORTANT** Hall of Shame Module Vulnerability Found

4 Replies / 2239 Views
Post new topic   Reply to topic  

   www.clanthemes.com Forum Index » Bugs/Issues

View previous topic :: View next topic

Duck
Reputation: 484.9 Add RepSubtract Rep
Local time: 8:00 PM

blank.gif

 Tree Hugger
Tree Hugger

0.03 posts per day
Medals: 0
Joined: Jan 07, 2007
Last Visit: 16 Aug 2010
Posts: 51
Points: 7407 
Post **IMPORTANT** Hall of Shame Module Vulnerability Found Posted: Wed Sep 26, 2007 8:15 pm
I would like to inform the community that I discovered a vulnerablility in the Hall of Shame Module (HoS) I wrote.

It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account so I did some searching and found out there were files uploaded to the HoS punkss and punkdemo folders where files uploaded by admins are stored.

It seemms they were using my server as a mail and chat relay. I still looking into the matter to figure out how they got in and how to make sure it doesn't happen agin but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.

First step to do is check for any subfolders under punkss and punkdemos and delete ANY and ALL subfolders you find. The subfolders I found were named _vti_bin and ... and .a After that create an htacess file with the following lines in it and put in those folders.

<Limit GET POST>
order deny,allow
deny from all
</Limit>

This should protect you till I can create an update with security fixes.

Lastly check to make sure you have no cron job scheduled for which you did not create.

Also as extra measure if you did have these subfolders existing I would recommend all admins change their passwords and also your hosting company passwords. (I don't believe my passwords were compromised as I would have found additional traces of files elsewhere but I like to err on the side of caution during these times).

Sorry I don't have an update yet but I just found out about this in this past hour and want to inform everyone right away. I will do my best to come up with an update by this weekend sometime.

Thank You,

Duck
 

 
View user's profileSend private messageMSN Messenger Reply with quote

floppy
Reputation: 2087.2 Add RepSubtract Rep
votes: 22
Local time: 5:00 AM
Location: Jackson Mississippi
usa.gif

 Site Admin
Site Admin

1.73 posts per day
Medals: 2 (View more...)
Super Dedicated User (Amount: 1)
Scripts/Coder
Scripts/Coder
Joined: Nov 14, 2006
Last Visit: 27 Jan 2012
Posts: 3313
Points: 132023 
Post **important** hos vulnerability found! Posted: Wed Sep 26, 2007 10:02 pm
Shop Purchases:Clan Roster 2.0 · Multi Gaming (Warrior) Evo Theme · COD6 ModernWarfare 2 Teaser Splash Screen · Left for Dead Evo Extreme Version
Great! Thanks for posting! If you will submit some news I sticky it.
 

Phpnuke Downloads | VMaxxRx Male Enhancement  
View user's profileSend private messageVisit poster's website Reply with quote

Duck
Reputation: 484.9 Add RepSubtract Rep
Local time: 8:00 PM

blank.gif

 Tree Hugger
Tree Hugger

0.03 posts per day
Medals: 0
Joined: Jan 07, 2007
Last Visit: 16 Aug 2010
Posts: 51
Points: 7407 
Post **important** hos vulnerability found! Posted: Wed Sep 26, 2007 11:32 pm
I'd also like to ask if anyone has found they're compromised can they please note the files modified times of the subfolders (before you delete them of course) and if possible send me copies of any log files they have for those times to help me track what exactly they did to get in. Or any other info you might think is useful.

Thanks.
 

 
View user's profileSend private messageMSN Messenger Reply with quote


Ped
Reputation: 64 Add RepSubtract Rep
votes: 35
Local time: 11:00 AM
Location: Great British Empire
uk.gif

 Site Founder
Site Founder

2.33 posts per day
Medals: 2 (View more...)
Forums MoD (Amount: 1)
Theme Guru
Theme Guru
Joined: Nov 13, 2006
Last Visit: 10 Feb 2012
Posts: 4467
Points: 181248 
Post Re: **important** hos vulnerability found! Posted: Thu Sep 27, 2007 9:01 am
Shop Purchases:Clan Roster 2.0 · Bad Company 2 Vietnam Xtreme Theme
Stickied this thread, thanks for the info duck
 

 
View user's profileSend private messageSend e-mail Reply with quote

Duck
Reputation: 484.9 Add RepSubtract Rep
Local time: 8:00 PM

blank.gif

 Tree Hugger
Tree Hugger

0.03 posts per day
Medals: 0
Joined: Jan 07, 2007
Last Visit: 16 Aug 2010
Posts: 51
Points: 7407 
Post **IMPORTANT** Hall of Shame Module Vulnerability Found Posted: Thu Sep 27, 2007 3:38 pm
Thanks,

Yes I still haven't been able to confirm how they did it. It is possible it is not related to the scripts themselves and actually a problem related to one of my admins but until I can be sure I wanted to spread the word and keep people safe. This is why I am also asking anyone to contact me if they find they have been compromised so I can make sure it is the scripts and not something else. Unfortunately my log files are of no use cause I did a server move recently and can't check to see how they were able to compromise me which makes my problem of troubleshooting more difficult. I will keep everyone updated though once I figure it out.
 

 
View user's profileSend private messageMSN Messenger Reply with quote
Post new topic   Reply to topic  
   www.clanthemes.com Forum Index » Bugs/Issues


 
4 Replies / 2239 Views
Page 1 of 1
All times are GMT
Display posts from previous:   
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
 

Company Information
Home · About Us · Affiliates · Advertising
Link To Us · Newsletter · Contact Us · Site Map
All content © Clan Themes 2006 - 2012
Based on RavenNuke