Topic: Hacked Site (Read 2737 times)
drewser
Thanks for the heads up on how to fix the hacking for Mambo, etc. But I am somewhat confused. How am I affected by Mambo, Joomla and Xoops, if neither myself nor my site is using them? How can I remove this from my site via Cpanel, since according to my list of installed applications, none of those 3 applications was installed, but yet my site was hacked anyway... BTW, my site is www.fbiyouth.webs4christ.com
Andrew
« Last Edit: January 20, 2006, 10:56:44 AM by drewser »
Jennifer
What application are you using and why do you think your site was hacked?
Jen
drewser
YaBBSe v1.5.5 (php Discussion Forum). Is this a php hacking problem? If so, how can I upgrade/patch the PHP server, being I am not a SysAdmin. As for how do I know it was hacked? I was emailed by a SysAdmin that it was hacked. I was told to post my problem here in this discussion forum, as the site is a free site graciously hosted by alphaone. I am merely trying to do my part and maintain security of what I run on the site they host.

My question is related to this thread... http://www.alphaone-tech.com/smf/index.php/topic,758.0.html
Which is also related to this thread: http://www.alphaone-tech.com/smf/index.php/topic,27.0.html

Either way, I need to better understand the security issues regarding the application on the site they host for me, as so far I have not found any patches/security updates for the application installed. Perhaps what needs to occur is a new software needs to be installed (gasp, shudders at the thought), because according to this, YaBBSe is being put to rest as a project, meaning security updates may not be developed for the final released version. http://www.yabbse.org/yse_history.html

According to this site, version 1.5.5 takes care of SQL injection vulnerabilities... http://www.sans.org/newsletters/risk/vol3_3.php

Also, according to the decoded Base64 data in some new files found in one of the folders, I find these sites via google...
http://cutephp.com/forum/index.php?showtopic=13398
http://www.jaguarpc.com/forums/showthread.php?t=13305

I wonder if this vulnerability is related to this one... http://www.xatrix.org/article.php?s=2576
Or any one of three on this one page... http://seclists.org/lists/bugtraq/2004/Mar/0001.html

Either way, it seems that something is rotten in Denmark. Being a software developer myself, it only makes sense to either secure the application already installed, or to install a more secure application (which may introduce brand new security issues altogether). Maybe I will get a decent reply from a SysAdmin soon.
Thanks for your reply.
drewser
I also just noticed that this very support forum is running SMF, the recommended next level for YaBBSe upgrade, since YaBBSe is no longer supported.
AlphaWolf
A lot has gone wrong in Denmark.
Two sites (possibly more) have been seriously hacked by a hack that takes advantage of some of the security holes that are required to ALLOW most of the standard PHP apps to run! These two sites have been identified as the starting culprits for the current wave of hacking attempts.
Our advice is to upgrade to SMF AND disable any uploading capabilities in SMF.
drewser
Thank you for your reply. I will be looking into upgrading to SMF asap.
Thanks!
Andrew
drewser
Ok, so it took about 2 hours to upgrade (I had to manually create the folders on the server because WS_FTP could not create the folders during the copy).
I did get an odd error the first run through the upgrade.php, but then I clicked refresh on the browser and everything continued to progress again.
Everything seems to be working fine now, other than my disk usage being pushed to the max with the new forum. Looks like I will have to determine which forum style to use and delete the others out of the folder structure.
Andrew
AlphaWolf
WS FTP couldn't create the folders? Hmmm... if you are one of our free hosting accounts, are you a subdomain of Webs 4 Christ? That might account for it, but not likely.
I think you will find that SMF is hands down a better, faster BBS than YaBBSe.
peace
Wolf