Ravens PHP Scripts: Forums
 

 

This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> w/Nuke 6.9
Virgin_Steel
Worker



Joined: Sep 30, 2004
Posts: 108
Location: Sf

Posted: Sat May 13, 2006 4:48 am

OK... just the other day while I was driving my car I got a call from my host company and they said to me that someone has tried to send 58 000 e-mails with spam through my site. When I arrived at home and looked at the logs of the server and Ip_Tracker I realized that the hole in my security was the AVATARS folder!!! How the hell have these 'hackers' created an 'aa.php' file that sends these thousands of e-mails? Is there a security fix for this? I don't know... only .jpg & .gif allowed in this folder or?
I know this folder has to be CHMOD-ed to 777 for users to be able to upload their avatars...
Please, help me. I'm using PHP-Nuke 7.0, but my phpBB has been upgraded with almost every security fix that comes out...
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sat May 13, 2006 6:12 am

There is a known exploit that can take advantage of remote avatars/signatures if you have HTML enabled in the forum config, though I think this has been fixed. I would only recommend that BBCODE is enabled.

Whilst it is possible they are activating their script via the forum, do not discount other modules you might have such as SPChat, vWar, Gallery and anything that allows remote uploads.
 
All times are GMT - 6 Hours
 