Guest Posted January 5, 2006 Share Posted January 5, 2006 Just had a spammers mailing script uploaded to images/uploads on my main site Running version3.7 which i thougt was fixed. After i deleted the hackers scripts I reset the permissions on the upload folder to 755. Has anyone else suffered this? What is the recommended permission for that folder? No real damage done just 5000 emails sent from my account pretending to be from the bank of america. And finally is it just me or would anyone else like to round up all the worlds hackers and hang them by the gonads?? I'll pull the lever :sourcerer: Quote Link to comment Share on other sites More sharing options...
Guest Posted January 5, 2006 Share Posted January 5, 2006 You need to check out 3.0.7-pl1 , i think... Quote Link to comment Share on other sites More sharing options...
Guest Posted January 5, 2006 Share Posted January 5, 2006 That's what is installed :sourcerer: Quote Link to comment Share on other sites More sharing options...
Guest Marshalls Posted January 5, 2006 Share Posted January 5, 2006 I saw a patch for this some place brooky posted, but after i installed the patch for this i had all kinds of problums.. so i removed the patch.. man i really hope CC gets all fixed up soon.. Its not fair to everyone who owns a store using CC. nor is it great about what its done allready to CC rep around the world. I feel bad for everyone even brooky who has so much of his life into this great program.. :sourcerer: Quote Link to comment Share on other sites More sharing options...
Guest Posted January 5, 2006 Share Posted January 5, 2006 I saw a patch for this some place brooky posted, but after i installed the patch for this i had all kinds of problums.. so i removed the patch.. yeh, this is worring, because im going to be spending a lot of money promoting this my future site which is using CC, and if the script doesnt function or doesnt offer proper security, im a gonner. i feel the hackers monitor this site, and if brooky announces a hole hackers would leech on to it and use the full blown directory thats availible on here to hack sites. observation i guess. it is really time consuming doing all the hacks again ... i've just had to reset my key, and reload all the hacks manually again. Quote Link to comment Share on other sites More sharing options...
Guest Posted January 5, 2006 Share Posted January 5, 2006 Gary, have you gone through your server logs to see how they may have perpetrated this heinous attack? If that scares you, just zip up your access log and send it to me. I'll have a go at it. We have to figure out how they did what they did. :sourcerer: Quote Link to comment Share on other sites More sharing options...
Guest Posted January 5, 2006 Share Posted January 5, 2006 We found the hacker files responsible for the spam on several sites look out for the following people and remove if you find them sh.php nasty little script that basically lets the hacker look at anything on your server. Still trying to find out how they got in but they will upload this to any folder on your server with permissions of 777. Ie images/uploads So be on the look out for the above file. Just thought i would give you the heads up. Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted January 5, 2006 Share Posted January 5, 2006 What i was just about to post, did you move to 3.0.7 after already being attacked... I cant stress enough to people once your site is hacked make sure you cleen up you directories if a hacker leaves a backdoor file like your sr.php file then no matter how secure CubeCart is your site is vunrable... This may not be the case with you however though gary and if you have not been hacked previous you may want to scan through your logs to find out how that file got on your server in the first place :errm: Quote Link to comment Share on other sites More sharing options...
Guest mig6 Posted January 5, 2006 Share Posted January 5, 2006 im in a worry for this, ive been hack on my site (with my old host) 3.0.4 cc, im now running on a new host with 3.0.7pl1 running ok. But, can some buddy post the correct folder permissions ???? as i upgraded from 3.0.4 to latest i didt run intall.php file so i dont know if im running proper permissions on my new site ;) Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted January 5, 2006 Share Posted January 5, 2006 REMOVE THE LINK TO YOUR SITE FROM YOUR SIGNATURE! Quote Link to comment Share on other sites More sharing options...
Guest esthervdwal Posted January 5, 2006 Share Posted January 5, 2006 I've got a folder called .n3 that's on my server and I can't seem to delete it. It sais over and over again: permission denied..... Quote Link to comment Share on other sites More sharing options...
Guest mashurst Posted January 5, 2006 Share Posted January 5, 2006 my server does not run with register globals on, so I am good with cc 3.06. Before I knew that this was the problem and that I was ok, I performed the very first patch that was released, and I attempted 3.07, which failed. I have not done any other patches. After I performed the first patch, my upload and image management admin features do not work. If I change the permissions on the folders to 777 then the features work, but I am concerned that this will make my site vunerable to attack. I have been just ftp ing the images directly to the folder, but then the thumbnails don't create and it leaves the images with broken thumbnail links. Plus, my client isn't as adept at doing this and would prefer to use all of the admin panel functions. It looks like after I performed the first and second patches, the permissions were changed to 705 which doesn't allow the admin image management to work. When I try and upload, delete I get some form of this message. Permission denied in /hsphere/local/home/ My question is, what are the correct permissions? I am going to run with the original unpatched 3.06 upload.php file as from what I understand it is ok to use that file based on my server configuration "register globals off" I am thinking because I tried 3.0 to 3.06 security patch 1 (modify upload.php) and then I tried 3.07 upload, and then had to go back to my 3.06 backup, that I should try 3.07v2 at this point because of my confused configuration? -M ;) Quote Link to comment Share on other sites More sharing options...
Guest Denver Dave Posted January 6, 2006 Share Posted January 6, 2006 How are .php files being uploaded - don't we restrick by file type? Now I'm wondering about the avatar uploads on my phpBB forums. Combine this with the current unsolved Microsoft vulnerability for images and Yikes! ;) Quote Link to comment Share on other sites More sharing options...
Guest theorbo Posted January 6, 2006 Share Posted January 6, 2006 esthervdwal, CONTACT YOUR HOST IMMEDIATELY!!! Get them to remove the file ASAP.... denverdave, there's been a variety of fixes for the wmf vulnerability online since 2 days. Simple goog search is your friend. http://www.hexblog.com/ And there's now a ms patch - if that's your favorite flavor of protection. http://www.microsoft.com/technet/security/...n/ms06-001.mspx Quote Link to comment Share on other sites More sharing options...
Guest rukiman Posted January 6, 2006 Share Posted January 6, 2006 so is 777 still the right permissions for the image/upload directories? Quote Link to comment Share on other sites More sharing options...
Guest Posted January 6, 2006 Share Posted January 6, 2006 yes the images is 777 Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted January 8, 2006 Share Posted January 8, 2006 I have never really got an answer in years of web work..Is having a folder set to 777 a security risk? Quote Link to comment Share on other sites More sharing options...
Guest esthervdwal Posted January 8, 2006 Share Posted January 8, 2006 esthervdwal, CONTACT YOUR HOST IMMEDIATELY!!! Get them to remove the file ASAP.... Did that and it's all fixed now!! Quote Link to comment Share on other sites More sharing options...
Guest theorbo Posted January 8, 2006 Share Posted January 8, 2006 That's good! I was hoping you'd see that message.... Quote Link to comment Share on other sites More sharing options...
Guest Posted January 10, 2006 Share Posted January 10, 2006 I have never really got an answer in years of web work..Is having a folder set to 777 a security risk? The only thing that 777 means is that any USER on the server can write to that folder. What it's usually used for is allowing the web server (which normally runs as user "nobody") to write files to the folder. This is perfectly normal and perfectly secure.....basically. The problem comes when a script running on the server has a security hole which lets a malicious loser upload what he or she wants into that directory. So the problem is NOT the permissions, but rather poorly written scripts. Hope this helps. :) Quote Link to comment Share on other sites More sharing options...
Guest megagente Posted February 6, 2006 Share Posted February 6, 2006 I was attacked too, even my cart was not in use and was not on front page. Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted February 6, 2006 Share Posted February 6, 2006 Thanks for the explanation, Sir William! Secure as long as the scripts you are running are too... :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.