Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

PostPosted: Wed Oct 13, 2004 2:59 pm Reply with quote

Today I receievd a hack attempt. Sentinel did not catch it, however admin secure did. It was attempted against the coppermine module by adding a variable.

The details of the hack attempt actually directed me right to a Brasilian based web site. There is a file currently sitting on that server that looks very much like a sneak in, exploit and grab all script.

Could one of the site admins here please message me on Yahoo as I would like some clarification as to the best way to pass this info on to authorities and also discuss why Sentinel didn't catch this hack attempt and what measures I should take to shore this up better against this type of exploit. I didn't want to dislose the details in an open forum

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
View user's profile Send private message Visit poster's website Yahoo Messenger
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Oct 13, 2004 4:31 pm Reply with quote

NukeSentinel has not been designed to protect/patch 3rd party software. We have tried to protect admin.php and XSS and some other more common types of attacks that core nuke is exploitable by/to. CM in particular is prone to too many holes. It is the responsibility of the users to stay up-2-date with 3rd party patches. Just as Chatserv patches core nuke, we protect core nuke. Now, having said that, if you would like to PM or email me the hack attempt, I will be happy to look at it to see if it's a core nuke issue. If so, we will look at including it.
 
View user's profile Send private message
CurtisH
PostPosted: Wed Oct 13, 2004 4:50 pm Reply with quote

I did not realize that. I am glad to be more aware. Thank you. When reading your reply I sensed that I may have offended you, if that be the case please accept my apology. My questioning was not an attack on Sentinel, I in fact love the program. *LOL* I had the impression that it detected/guarded against most hack attempts to any and all modules.

I will email you the details.
 
Raven
PostPosted: Wed Oct 13, 2004 5:31 pm Reply with quote

I didn't mean to come across with any tone other than my frustration with CM. I have been battling with my data center host about CM for a while and yesterday an eggdrop was deposited to one of my clients because he had an insecure copy. So, CM was removed and other clients will be faced with it too. It's just plain buggy.
 
CurtisH
PostPosted: Wed Oct 13, 2004 5:34 pm Reply with quote

I hate to hear that because Menalto just will not run on my host due to the way that they have it configured. What can I do? Any suggestions? My members are used to having their own albums on my site...
 
Raven
PostPosted: Wed Oct 13, 2004 5:35 pm Reply with quote

I just looked at that and I know NukeSentinel stops that code. What are your settings for Filters? Is it activated and set to ban?
 
Raven
PostPosted: Wed Oct 13, 2004 5:37 pm Reply with quote

And also, my guess would be that maybe admin secure grabbed it before it filtered to NukeSentinel.
 
Raven
PostPosted: Wed Oct 13, 2004 5:38 pm Reply with quote

CurtisHancock wrote:
I hate to hear that because Menalto just will not run on my host due to the way that they have it configured. What can I do? Any suggestions? My members are used to having their own albums on my site...
Gallery? I don't know as I don't use them.
 
CurtisH
PostPosted: Wed Oct 13, 2004 5:39 pm Reply with quote

Mine is set to email, block and default page, write to htaccess, full IP and Permanent block. All of the Blocker settins are configured in this manner. I do have HTTP Auth Enabled as well.

Regarding the CM issue, I have 1.3.0 is this version safe enough to run or should I disable it?

Thanks Raven
 
Raven
PostPosted: Wed Oct 13, 2004 5:41 pm Reply with quote

I don't know because I don't use it. You probably need to check at their site.
 
CurtisH
PostPosted: Wed Oct 13, 2004 5:44 pm Reply with quote

Ok, thought it had closed. Sorry. Smile
 
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Fri Oct 15, 2004 9:52 am Reply with quote

Coppermine 1.2.x has an exploit in the themes (thanks to me)

If you run coppermine 1.3 with old themes then you are still vulnerable

Easy fix: place a .htaccess in the modules/coppermine directory containing
Code:
deny from all


Or remove the offending theme's
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©