Total Commander forum re-opened after hacks
Moderators: Hacker, petermad, Stefan2, white
- ghisler(Author)
- Site Admin
- Posts: 50541
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
Ah, I see - this couldn't happen here because I don't have root access at all (shared hosting). I'm also using different passwords for ftp, forum admin, and the database.
Author of Total Commander
https://www.ghisler.com
- AlleyKat
- Senior Member
- Posts: 203
- Joined: 2003-06-15, 10:51 UTC
- Location: for personal info, see wiki
http://www.phpbb.com/phpBB/viewtopic.php?t=248046
Please note that servers running php versions prior to 4.3.10 have a serious security issue regarding the functions 'unserialize' and 'realpath' (which a great many scripts are using). This regards all types of php scripts using these functions, among those phpBB (and any other php-based forum system I can think of). The exploit is unfortunately in the wild, and php.net encourages everyone to update as soon as possible. The exploit could mean that hackers can gain access to the config.php file, and thus to the entire DB. http://www.php.net/
For this site, another solution could be securing the DB server against access from the outside - the files aren't writeable anyway, so there's no actual backdoor there.
Just a word of warning from a fan.
Translate your favorite Mozilla Extension ~ Your Language Is Important Too.
#tcmd on irc.freenode.net - the place to idle
- ghisler(Author)
2AlleyKat
Thanks for the warning. Unfortunately my Web hoster cannot currently switch to 4.3.10 because it seems to break some other client's scripts. I have applied a temporary patch to phpbb which avoids the problems, see
http://ghisler.ch/board/viewtopic.php?p=44741#44741
Be warned though not to use the code from the phpbb directly, it introduces a big new security hole, and is also faulty. See my post in the mentioned thread (user chrisg).
"For this site, another solution could be securing the DB server against access from the outside"
My web hoster informed me that only the local host is allowed to connect to the database, except if it was configured differently via the control panel. So the database should be safe.
Author of Total Commander
https://www.ghisler.com
- AlleyKat
So, no danger at all, and everything back to running smoothly! Very nice.
And thanks for the pointer in the other thread - I already linked to that in the warning on the Danish phpbb support forum, and noted that your correction should be applied too. I'm wondering why Dave didn't apply the correction on phpbb.com - he did on project Minerva. Oh well.
Oh, and about the error on phpbb.com - just don't use the word 'mail' with a space behind it, then you can send posts.
Translate your favorite Mozilla Extension ~ Your Language Is Important Too.
#tcmd on irc.freenode.net - the place to idle
Info from else board…
- ghisler(Author)
Yes, this worm is using the same security hole which was used by the hackers to delete my database. The worm is less destructive, though, it only deletes the html and php files, but leaves the forum database intact.
Author of Total Commander
https://www.ghisler.com