 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 362 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Hacked by (and at!) the Boys of Brazil |
|
 AdeptCoach writes "My site was attacked by 201.0.20.25 (a Brazilian ISP) using www.anjolinux.hpg.com.br and bi0s.8bit.co.uk. They succeeded in overwriting my index.php file using a bug in My_eGallery.
These guys have struck other php-nuke sites before and still haven't found anything better to do with their time!
I've added them to my banned list and fixed the security hole in the module.
It's previously been reported as an exploit that uses the $basepath variable in the displayCategory.php file. And that's exactly how these kiddo's got in.
The code is equally vulnerable to exploiting the $adminpath variable in the same file. And may be vulnerable to similar exploits in other files throughout the module.
The fix is to replace all of the instances of either variable with the actual path (for example, the basepath is usually modules/My_eGallery, pretty straight forward!)"
|
|
Posted on Sunday, February 08 @ 18:04:36 CET by Zhen-Xjell |
|
|
|
|
| |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by pointman on Sunday, February 08 @ 19:46:48 CET
(User Info | Send a Message) | The kiddies are using Google to find these vulnerable installations.
|
| | | | |
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by decker on Monday, February 09 @ 10:33:48 CET
(User Info | Send a Message) | Hi!
Where can i get the security patched version?
dec |
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by adeptcoach on Monday, February 09 @ 14:27:36 CET
(User Info | Send a Message) http://www.coachescafe.com/ | That code isn't being actively supported by anyone and my copy is not plain vanilla anymore.
Having said that, the fix is pretty easy.
STEP 1: MAKE A BACKUP!!! It may not work for you.
STEP 2: Edit the 2nd and 3rd lines of your modules/My_eGallery/public/displayCategory.php file. If your install is standard, change the $basepath in line 2 to modules/My_eGallery and the $adminpath in line 3 to admin/modules/gallery
and you should be fine. If not, then go to Step 3
STEP 3: If it doesn't work, restore from your BACKUP!!
STEP 4: If needed, look at your directory structure and see what it should be if different from what I said in Step 2. Try again. (Don't lose the backup!) |
]
| | | | |
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by Jeruvy on Monday, February 09 @ 13:06:51 CET
(User Info | Send a Message) | Yes, google is a great way to find poorly configured web servers to attack. Sad to say that most scanning tools take a back seat to a 'search engine'...
J.
|
| | | | |
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by decker on Tuesday, February 10 @ 17:27:44 CET
(User Info | Send a Message) | Is the displayCategory.php the only file that needs to be patched? I see alot of other $basepath's in the other files in the /public/ directory.
dec.
|
Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by adeptcoach on Wednesday, February 11 @ 12:38:15 CET
(User Info | Send a Message) http://www.coachescafe.com/ | | I went through and fixed them all. Occured to me later that we could use a define and replace the variables with constants and keep it localized. Ahh, the glory of hindsight! |
]
| | | | | |
|
