Ravens PHP Scripts

**IMPORTANT** HoS Vulnerability Found!
Date: Wednesday, September 26, 2007 @ 23:43:23 CEST
Topic: Security

I would like to inform the community that I discovered a vulnerability in the Hall of Shame Module (HoS) I wrote.

It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account, so I did some searching and found that files had been uploaded to the HoS punkss and punkdemo folders, where files uploaded by admins are stored.

It seems they were using my server as a mail and chat relay. I'm still looking into the matter to figure out how they got in and how to make sure it doesn't happen again, but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.

The first step is to check for any sub-folders under punkss and punkdemos and delete ANY and ALL sub-folders you find. The sub-folders I found were named `_vti_bin`, `...` and `.a`. After that, create an .htaccess file with the following lines in it and put it in those folders:

```apache
Order deny,allow
Deny from all
```

This should protect you till I can create an update with security fixes.

Lastly, check to make sure you have no cron jobs scheduled that you did not create.

Also, as an extra measure, if you did have these sub-folders I would recommend that all admins change their passwords, and your hosting company passwords too. (I don't believe my passwords were compromised, as I would have found additional traces of files elsewhere, but I like to err on the side of caution at times like these.)
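The clean-up steps above, as an added example that is not part of the original post: a small POSIX shell script that lists every sub-folder directly under an upload folder (dot-named ones such as `...` and `.a` included, since admin uploads should only ever be plain files), writes the deny-all .htaccess the post recommends into that folder, and prints the current user's crontab so unexpected entries can be spotted. `HOS_ROOT`, the `hos_` function names and the `HOS_RUN_MAIN` switch are assumptions of this example, not names from the module.

```shell
#!/bin/sh
# Added example, not code from the HoS module or the original post.
# Assumes POSIX sh with find(1); HOS_ROOT is an assumed install path.
HOS_ROOT="${HOS_ROOT:-/var/www/html/modules/HoS}"   # assumed path, adjust to your install

# Print the names of all sub-folders directly under the given upload folder,
# one per line, in C-locale order so the output is stable. Any directory here
# is suspect, because admin uploads are plain files.
hos_find_subdirs() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | LC_ALL=C sort
}

# Echo the number of suspect sub-folders; exit status is 0 only when none exist.
hos_audit() {
    count=$(hos_find_subdirs "$1" | wc -l | tr -d ' ')
    echo "$count"
    [ "$count" -eq 0 ]
}

# Write the deny-all .htaccess from the post into the given folder.
# (Order keywords must be separated by a comma with no space.)
hos_lockdown() {
    dir="$1"
    [ -d "$dir" ] || return 1
    printf 'Order deny,allow\nDeny from all\n' > "$dir/.htaccess"
}

# Show the current user's cron entries; the post says to remove any you did not create.
hos_list_cron() {
    crontab -l 2>/dev/null || true
}

# Walk both upload folders: report sub-folders, then lock the folder down.
hos_main() {
    for d in "$HOS_ROOT/punkss" "$HOS_ROOT/punkdemo"; do
        echo "== sub-folders under $d (delete any listed):"
        hos_find_subdirs "$d" || continue
        hos_lockdown "$d" && echo "== wrote $d/.htaccess"
    done
    echo "== crontab for $(id -un):"
    hos_list_cron
}

# Run the walk only when explicitly asked, so the functions can also be sourced.
if [ "${HOS_RUN_MAIN:-0}" = 1 ]; then
    hos_main
fi
```

Run it as `HOS_ROOT=/path/to/modules/HoS HOS_RUN_MAIN=1 sh hos_audit.sh`. It deliberately only lists the sub-folders rather than deleting them, so you can look at what was dropped there before removing it.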

Sorry I don't have an update yet, but I just found out about this in the past hour and want to inform everyone right away. I will do my best to come up with an update sometime this weekend.

Thank You,

Duck

P.S. If you've found you have been compromised, can you please contact me with any details that might help.

Thank you

This article comes from Ravens PHP Scripts