IntegraMOD

[CCWorks]

Your phpBB Version: 2.0.
phpBB Type: Integramod 141
MODs: No
Your knowledge: Beginner
Board URL: http://www.ccworks.org

PHP Version:
MySQL Version: 4.0


What was done before the problem appeared?
Nothing all was well


What was done to try to solve the problem?
still working with my host



De.scription and Message

Yesterday my site got hacked, donà ¢Ã¢â€š ¬Ã¢â€ž ¢t know if they came in through 141 or somewhere else. All I know is every directory on my host is gone. Is it possible for someone to get root access to a web host through 141 or PhP in general. I donà ¢Ã¢â€š ¬Ã¢â€ž ¢t understand how? I can see defacement, but root access? <img>

[CCWorks]

just got my site back up and was looking around.

Could this have let them in, and how do I fix it?

[CCWorks]

just got my site back up and was looking around.

Could this have let them in, and how do I fix it?

[CCWorks]

just got my site back up and was looking around.

Could this have let them in, and how do I fix it?


PHP Version (Visit Website) 4.4.7 4.4.7 SAFE
ÂÂ » PHP SAFE MODE OFF ON CAUTION
ÂÂ » PHP GLOBALS ON OFF CAUTION
phpBB Version (Visit Website) 2.0.22 2.0.22 SAFE
ÂÂ » Account Activation ON ON SAFE
CBACK CrackerTracker (Visit Website) 5.0.3 5.0.3 SAFE


Sorry for the extras, had an error on upload so I tried again.

[Helter]

safe mode will cripple your site, but globals should always be off

[CCWorks]

Thanks, how do I fix it?

[Helter]

globals are almost always off by default. You can check this in acp/Tools/PHP info

if they are on, you can edit your php.ini.
The most common place to find it on a *nix server is /usr/local/lib/php.ini

[CCWorks]

I know I should just box this thing up and give it to someone that has a clue, but i have looked everywhere for the php.ini

Could you give me some direction.
I cant find a directory that looks like that.

all three of my sites have safe mode off and globals on.

[CCWorks]

O.K. Ive made progress, my host apparently only allows certain changes. I have to put an ini file in every directory with the below restrictions. How would I write one to turn on safe mode and turn off globals? One that I can put in every directory.



From my host
à ¢Ã¢â€š ¬Ã…“You will not use a full php.ini file to make changes to PHP directives. The file should only contain
the directives to be changed, as in the example above. You will need a php.ini file in every directory
for which you want the changes to apply.à ¢Ã¢â€š ¬

[CCWorks]

I tried adding this ini

[PHP]

;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; This file controls many aspects of PHP's behavior. In order for PHP to
; read it, it must be named 'php.ini'. PHP looks for it in the current
; working directory, in the path designated by the environment variable
; PHPRC, and in the path that was defined in compile time (in that order).
; Under Windows, the compile-time path is the Windows directory. The
; path in which the php.ini file is looked for can be overriden using
; the -c argument in command line mode.
;
; The syntax of the file is extremely simple. Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
;
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
;
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
;
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
;
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
;
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
;
; foo = ; sets foo to an empty string
; foo = none ; sets foo to an empty string
; foo = "none" ; sets foo to the string 'none'
;
; If you use constants in your value, and these constants belong to a dynamically
; loaded extension (either a PHP extension or a Zend extension), you may only
; use these constants *after* the line that loads the extension.
;
; All the values in the php.ini-dist file correspond to the builtin
; defaults (that is, if no php.ini is used, or if you delete these lines,
; the builtin defaults will be identical).


;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

; Safe Mode
safe_mode = On
; Setting certain environment variables
; may be a potential security breach.
; This directive contains a comma-delimited
; list of prefixes. In Safe Mode, the
; user may only alter environment
; variables whose names begin with the
; prefixes supplied here.
; By default, users will only be able
; to set environment variables that begin
; with PHP_ (e.g. PHP_FOO=BAR).
; Note: If this directive is empty, PHP
; will let the user modify ANY environment
; variable!
safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comma-
; delimited list of environment variables,
; that the end user won't be able to
; change using putenv().
; These variables will be protected
; even if safe_mode_allowed_env_vars is
; set to allow to change them.



register_globals = Off ; Whether or not to register the EGPCS variables as global
; variables. You may want to turn this off if you don't want
; to clutter your .scripts' global scope with user data. This makes
; most sense when coupled with track_vars - in which case you can
; access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
; You should do your best to write your .scripts so that they do
; not require register_globals to be on; Using form variables
; as globals can easily lead to possible security problems, if
; the code is not very well thought of.

and i get this






Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 35 bytes) in /blocks/blocks_imp_recent_topics.php on line 57


Direction?

[jwernerny]

Try adding:

Code: Select all

ini_set('memory_limit', '16M');

Also, If you are on a shared server, hackers can get into any directory that allows global writing just by loading the right piece of software on _any_ unsecured account on the machine. The software is kind of cool, once it is installed, it can do such things as scan for unprotected folders and even automatically copy itself there for later reference.

- John