Weird Warez Links When Using Site Crawler on Forum

Started by skip, March 12, 2008, 05:09:16 PM


skip

Hi,

Perhaps someone can help/let me know if what I'm seeing is weird. I ran GsiteCrawler on my site and noticed lots and lots of links coming up showing in the area where I run the forum, in my case siteroot.com/talk.

The links I'm seeing are warez type links like:

http://site.com/talk/crack.5.1.php

They are all php links which don't go anywhere except give you an error 404 if you paste them in the browser.

Any ideas?

Thanks


skip


青山 素子

If those truly are not there, you should see a report with where the tool found those links and you can investigate with that info.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


skip

Hi.

The linked from in the report shows each one of these URLs linked from another!! I don't think they are physically on my site as they don't show up anywhere even with show hidden files turned on.

I guess I could go through each link and see if it shows a normal file that it's linked from. But I'm curious whether this is SMF related, hosting related or neither.

Happy to send a screen shot etc

Thanks

青山 素子

You are welcome to send the report, I'm sure it's nice and small text. Screenshots are often rather hard to read and search.

I don't think it is SMF related at this time. It might be some quirky thing, but best to try and track the source.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


skip

Managed to track down the issue. My site had been compromised back in July 2006, I thought it was just the main html site pages as that's where the annoying text appeared. However I confirmed that the hacker had modified various .htaccess files within the forum, as well as added several php pages with smf names and put a lot of content in the default theme directory. I realised it had come this far as I found an html script in the theme\default.

I did some searches in here to find out which files I should have, deleted the default theme and re upped a clean one. Added some code for some mods I have and all seems to be well now.

The last site crawl I did, didn't reveal any nasties this time around.

Not sure if there is a guide which shows where .htaccess files should be located and what they should contain by default. In order to match the files I basically created a fresh 1.1.4 install and cross referenced the files against what I had.

If there are any other pointers to secure myself would appreciate it. I still have the backup I took which contains the bad files, not sure if this would be of interest to ascertain anything.

Skip

metallica48423

Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote: Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"



skip

In fact he got direct access to the public_html directory from what I can see. But can you confirm that smf does need to have a .htaccess file in the root of the forum? The one with this entry:

<IfModule mod_security.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>

And should there be any .htaccess files in any of the other forum directories?

Thanks

青山 素子

You only need those entries if your host is using mod_security and has some optional rulesets enabled that cause issues with SMF.

Looking through, only one .htaccess exists in the package, in the attachments directory. It has the contents:


<Files *>
Order Deny,Allow
Deny from all
Allow from localhost
</Files>


This prevents direct access to this folder.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
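
The cross-check described in this thread (live forum files against a fresh install, with attachments/.htaccess as the only .htaccess in the package) can be scripted. This is an added example, not part of the original posts and not SMF's own tooling; the function names, the `Settings.php` exclusion and the sample file trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def index_tree(root):
    """Return {relative/path: sha256 hex} for every file under root."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(clean_root, live_root, site_specific=("Settings.php",)):
    """Compare a live forum tree against a clean reference install."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    report = {"extra": [], "modified": [], "htaccess": []}
    for rel in sorted(live):
        name = rel.rsplit("/", 1)[-1]
        if name == ".htaccess" and live[rel] != clean.get(rel):
            report["htaccess"].append(rel)   # new or altered: review by hand
        elif rel not in clean:
            report["extra"].append(rel)      # file the package never shipped
        elif live[rel] != clean[rel] and rel not in site_specific:
            report["modified"].append(rel)   # shipped file whose content changed
    return report

def demo():
    """Audit two small constructed trees (sample data, not real SMF files)."""
    deny = "<Files *>\nOrder Deny,Allow\nDeny from all\nAllow from localhost\n</Files>\n"
    clean_files = {"index.php": "<?php // stock\n",
                   "attachments/.htaccess": deny,
                   "Themes/default/index.template.php": "<?php // stock theme\n"}
    live_files = dict(clean_files)
    live_files["Themes/default/index.template.php"] = "<?php // theme, edited\n"
    live_files["Themes/default/.htaccess"] = "# constructed: not in the package\n"
    live_files["Themes/default/added_page.php"] = "<?php // constructed extra\n"
    with tempfile.TemporaryDirectory() as tmp:
        for label, files in (("clean", clean_files), ("live", live_files)):
            for rel, body in files.items():
                path = os.path.join(tmp, label, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w", newline="") as fh:
                    fh.write(body)
        return audit(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real forum, uploaded attachments and avatars will appear under `extra` and files edited by mods under `modified`, so those lists still need a manual pass.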


skip
