Hacked by (and at!) the Boys of Brazil
Date: Sunday, February 08 @ 18:04:36 CET
Topic: Security


My site was attacked by 201.0.20.25 (a Brazilian ISP) using www.anjolinux.hpg.com.br and bi0s.8bit.co.uk. They succeeded in overwriting my index.php file using a bug in My_eGallery.

These guys have struck other php-nuke sites before and still haven't found anything better to do with their time!

I've added them to my banned list and fixed the security hole in the module.

It's previously been reported as an exploit that uses the $basepath variable in the displayCategory.php file. And that's exactly how these kiddo's got in.

The code is equally vulnerable to exploiting the $adminpath variable in the same file. And may be vulnerable to similar exploits in other files throughout the module.

The fix is to replace all of the instances of either variable with the actual path (for example, the basepath is usually modules/My_eGallery, pretty straight forward!)





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1561