Welcome to Geeklog, Anonymous Friday, December 27 2024 @ 08:34 pm EST
Geeklog Forums
My geeklog site is gone :(
Sometime today a person ERASED my site! My host (powweb.com) has suggested that it may be a vulnerability in the CMS (Geeklog). They referred me to this link.
http://www.securitytracker.com/alerts/2003/Sep/1007828.html
Could this be? I hope not. I love geeklog. But if you want to see what was left when they were done go here.
----------------------------------
Building the better weapon....
----------------------------------
Steve
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Which version of Geeklog were you running before this happened?
The issues you were pointed to have been discussed at length here, and if they're even valid, they certainly can't be used to remove files from your webspace.
Also, were you running any add-ons, such as Gallery? That, too, has had security issues in the past.
bye, Dirk
drshakagee
Forum User
Full Member
Registered: 10/01/03
Posts: 231
I use powweb too, and they often pass the buck to anyone but themselves, and when it's found to be their problem they will delete forum threads that talk about it. Most likely they have a security issue where someone got your FTP password from ops.powweb.com and erased your site with that. Also, they limit your SQL select statements, which isn't a problem until your site gets big, and then they will shut your site down for an hour with no notice at all. I couldn't recommend them to anyone, and once my contract runs out I am switching to a much more friendly host.
Yes I am mental.
jkuperus
Forum User
Newbie
Registered: 10/06/03
Posts: 1
The reset password issue was valid
the forum userlist sorting issue was valid
the shoutbox XSS issue was valid
the forum XSS issue was valid
all 4 of these could lead to administrative access to your blog
Are you disputing this? If so, I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process
Anyway, it's unlikely that people used this to totally wipe your site, as they basically give you control over the application, not the underlying system. Although I am not very familiar with Geeklog, maybe you can upload PHP stuff somewhere in the administrative section, then you'd be screwed; maybe you were running MySQL 4.1 and it has some new nifty functions that allow you to wipe stuff
but again I would say it's improbable
just to be on the safe side of things you'll probably want to stay clear of insecure products like Geeklog
--
and now how do I stop these mail notifies for every new thread, gawd this is annoying
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by jkuperus: Are you disputing this? If so, I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process
None of the alleged SQL injections originally reported by Lorenzo for Geeklog itself were valid. They caused SQL errors, yes, but that's about it.
The password issue was found by someone else and is so far the only known case of a successful exploit based on SQL injections in Geeklog itself. The forum issue only existed on this site, as it only affected an unreleased version of the Forum. We have confirmed the Forum XSS (i.e. injection of JavaScript) and Shoutbox issues.
I would be interested to hear what you found that Lorenzo's reported issues, such as
http://[TARGET]/index.php?topic=te'st/[SQL INJECTION CODE]
can cause in Geeklog.
Quote by jkuperus: Anyway, it's unlikely that people used this to totally wipe your site.
Exactly.
Quote by jkuperus: but again I would say it's improbable
just to be on the safe side of things you'll probably want to stay clear of insecure products like Geeklog
Before jumping to such conclusions, maybe we should wait until we have more information on the exact circumstances, don't you think?
Quote by jkuperus: and now how do I stop these mail notifies for every new thread, gawd this is annoying
Go to the forum options (from your user functions block) and select "subscriptions".
bye, Dirk
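The `topic=te'st` probe Dirk mentions, worked through as an added example (this is not Geeklog's code; the `topics` table is a constructed stand-in): a query that pastes the request parameter into the SQL text fails with a syntax error on the stray quote, which is the "SQL errors" symptom Dirk describes, while a bound-parameter query treats the same input as plain data and simply finds no row.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a CMS topic list (not Geeklog's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topics (tid TEXT PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO topics VALUES (?, ?)",
                     [("test", "Test topic"), ("news", "Site news")])
    conn.commit()
    return conn


def lookup_concat(conn, topic):
    """Weak pattern: the request parameter becomes part of the SQL text.
    An unbalanced quote, as in topic=te'st, breaks the statement and the
    database raises an error instead of returning a row."""
    sql = "SELECT title FROM topics WHERE tid = '" + topic + "'"
    return conn.execute(sql).fetchone()


def lookup_param(conn, topic):
    """Hardened pattern: the value is bound as a parameter and never parsed
    as SQL, so a quote in the input is just a character in the comparison."""
    return conn.execute("SELECT title FROM topics WHERE tid = ?", (topic,)).fetchone()


def probe(topic):
    """Run both lookups on one input and return (concat_result, param_result).
    A result is the matching row, None for no match, or the exception class
    name when the query itself failed to parse."""
    conn = make_db()
    try:
        concat_result = lookup_concat(conn, topic)
    except sqlite3.Error as exc:
        concat_result = type(exc).__name__
    param_result = lookup_param(conn, topic)
    return concat_result, param_result


if __name__ == "__main__":
    print(probe("test"))    # both lookups find the row
    print(probe("te'st"))   # concatenation errors, bound parameter returns None
```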
DTrumbower
Forum User
Moderator
Registered: 01/08/03
Posts: 507
Quote by destr0yr: Dirk, if you lived in Canada I'd buy you a beer.
He does accept paypal. And his beer tastes better.
destr0yr
Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by DTrumbower: He does except paypal. And his beer tastes better.
I was waiting for this reply.
btw, shoulda used "accept", not "except"
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
DTrumbower
Forum User
Moderator
Registered: 01/08/03
Posts: 507
btw, shoulda used "accept", not "except"
Always a darn grammar police in the group. ( I changed it, thanks)
I want to start by giving my apologies to Dirk. Geeklog was not the culprit in my recent website annihilation. I have confirmed with my webhost (powweb) that there was an inode corruption on the hard drive that contained my site and that the system (BSD) deleted my user folder when it rebuilt the inode index.
My apologies Dirk. Geeklog is a great CMS and I should not have jumped to such a quick conclusion when the shat hit the fan. Sorry man!
drshakagee was right to put the blame where it belongs, and that is with the webhost powweb. They did fess up and admit it was their problem, but now I'm all paranoid that it will happen again. This would not be such a big deal, but I have over 9,000 files (most are pictures) in my site and uploading them and fixing permissions is a beeatch.....
Thanks for the advice drshakagee.. I too will be searching for a new host when this contract is up.
Cheers!
Steve
----------------------------------
Building the better weapon....
----------------------------------
Steve
destr0yr
Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by Nezz: My apologies Dirk. Geeklog is a great CMS and I should not of jumped to such a quick conclusion when the shat hit the fan. Sorry man!
Good saying (or at least i like it):
"Assumption is the mother of foo-bars" - exchange foo-bar with the appropriate colourful-language version if necessary
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams