This morning my index.php page was hacked and replaced >:(
It was easy enough to remove it and reinstall the original.
I was running version 1.0.6 but have now upgraded to 1.0.7
Can anyone tell me if the new version closes this security hole?
Ron
The main page had this:
<title>You're Victim Of Defacing</title>
-=[Page Temporaly Off-Line]=-
¡¡¡ DarkbiteX Was Here!!!
Sorry Admin, Your Security Its BAD
It Does Not Erase Archives
-=[SALUDOS ESPECIALES]=-
OverclockiX , 0o_Zeuz_o0, Status-X, Usermaster, Naonack, Good-spide
Defacing Interaktivo Tabasco Mexico Presente. Copyright® 2006 by darkbitex[at]gmail.com
Do you make backups by any chance from a control panel such as cPanel, where it puts everything in one big file like a zip or tar.gz.
Your hacker just told you what helped him:
Quote: Sorry Admin, Your Security Its BAD
It Does Not Erase Archives
Make sure you have a look and see if there are any files hanging about he can access.
Quote from: Trekkie101 - April 15, 2006, 07:22:06 AM
Do you make backups by any chance from a control panel such as cPanel, where it puts everything in one big file like a zip or tar.gz.
No, I don't do backups through cPanel, I generally just FTP the folders to back up.
The forum folder is 777, maybe this is a problem? The only thing I think he has done is exchange the index.php file. The original index file was backed up like this: 'index.php~'
One of the programs that does this is 'vim'.
777 should be fine. Your data is in the database by the way, that's what you should back up ;)
1.0.7 fixes a security bug, but not one that could lead to this and there are no other known holes.
Do you run any mods or any other scripts on your site?
Quote from: Trekkie101 - April 15, 2006, 09:52:24 AM
Do you run any mods or any other scripts on your site?
The site is relatively standard.
I have had 2 occasions where the Settings.php has been 0k and I have had to reset.
The only packages I have had in there are good map, but I removed it (not very cleanly though), also:
SMF 1.0.7 / 1.1 RC2 Update
MySQL 5.0.12 Compatibility Update
SMF 1.0.6 Update
Funny though, the SMF 1.0.7 update is not listed,
but it is listed in the change log as below.
Note the date is wrong, as I upgraded 1.0.7 today??
SMF 1.0.7 29 March 2006
================================================================================
March 2005:
--------------------------------------------------------------------------------
! Added an extra check on the HTTP_X_FORWARDED_FOR input variable. (QueryString.php)
! Limit the number of words that can be searched for a little bit. (Search.php)
! Prevent users from voting more than once in a poll. (Poll.php)
Which other scripts do you have on your site?
Who is your host?
As you have said yourself the original file was backed up. This makes it likely that someone has hacked it through your SSH account (if you have one) or another account on the server.
If your host hasn't secured accounts properly, other server accounts can modify your files.
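
The conditions raised in the replies above (a 777 forum folder, an editor backup copy such as 'index.php~', and a Settings.php emptied to 0k) can be checked in one pass over the web root. This is an added example, not part of the original thread or of SMF; the function names, report labels and sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the three conditions discussed in this thread.
# Function names, labels and the sample layout are assumptions, not SMF tooling.

audit_webroot() {
    # $1 = web root to inspect
    # World-writable entries (e.g. mode 777): where the host has not isolated
    # accounts, other accounts on the server can replace these.
    find "$1" ! -type l -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
    # Editor backup copies such as index.php~, which the thread notes are
    # created by editors like vim: a sign the file was edited on the server.
    find "$1" -type f -name '*~' -print | sed 's/^/EDITOR_BACKUP /'
    # Zero-length PHP files, like the Settings.php that went to 0k.
    find "$1" -type f -name '*.php' -size 0 -print | sed 's/^/EMPTY_PHP /'
}

# Build a constructed sample tree that mimics the poster's forum folder.
make_sample_tree() {
    _t=$(mktemp -d) || return 1
    mkdir "$_t/forum" && chmod 777 "$_t/forum"
    printf '<?php // replaced page\n' > "$_t/forum/index.php"
    printf '<?php // original page\n' > "$_t/forum/index.php~"
    : > "$_t/forum/Settings.php"
    chmod 644 "$_t/forum/index.php" "$_t/forum/index.php~" \
        "$_t/forum/Settings.php"
    printf '%s\n' "$_t"
}

# Usage: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Each finding is one line of the form `LABEL path`, so the output can be compared between runs to spot new entries.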