3.7 hacked


Guest

Just had a spammer's mailing script uploaded to images/uploads on my main site.

Running version 3.7, which I thought was fixed.

After I deleted the hacker's scripts I reset the permissions on the upload folder to 755. Has anyone else suffered this? What is the recommended permission for that folder?

No real damage done, just 5000 emails sent from my account pretending to be from the Bank of America. ;)

And finally, is it just me or would anyone else like to round up all the world's hackers and hang them by the gonads??

I'll pull the lever :sourcerer:

Link to comment
Share on other sites

Guest Marshalls

I saw a patch for this some place brooky posted, but after I installed the patch for this I had all kinds of problems.. so I removed the patch..

Man, I really hope CC gets all fixed up soon.. It's not fair to everyone who owns a store using CC, nor is it great about what it's done already to CC's rep around the world.

I feel bad for everyone even brooky who has so much of his life into this great program..

:sourcerer:

Link to comment
Share on other sites

I saw a patch for this some place brooky posted, but after I installed the patch for this I had all kinds of problems.. so I removed the patch..

Yeah, this is worrying, because I'm going to be spending a lot of money promoting my future site, which is using CC, and if the script doesn't function or doesn't offer proper security, I'm a goner.

I feel the hackers monitor this site, and if brooky announces a hole, hackers would leech on to it and use the full-blown directory that's available on here to hack sites. :sourcerer: Observation, I guess.

It is really time consuming doing all the hacks again ... I've just had to reset my key, and reload all the hacks manually again.

Link to comment
Share on other sites

Gary, have you gone through your server logs to see how they may have perpetrated this heinous attack?

If that scares you, just zip up your access log and send it to me. ;) I'll have a go at it. We have to figure out how they did what they did.

:sourcerer:

Link to comment
Share on other sites

We found the hacker files responsible for the spam on several sites. Look out for the following people and remove if you find them:

sh.php

Nasty little script that basically lets the hacker look at anything on your server. Still trying to find out how they got in, but they will upload this to any folder on your server with permissions of 777, i.e. images/uploads.

So be on the lookout for the above file. Just thought I would give you the heads up.

Link to comment
Share on other sites

What I was just about to post: did you move to 3.0.7 after already being attacked...

I can't stress enough to people: once your site is hacked, make sure you clean up your directories. If a hacker leaves a backdoor file like your sr.php file, then no matter how secure CubeCart is, your site is vulnerable...

This may not be the case with you, however, Gary, and if you have not been hacked previously you may want to scan through your logs to find out how that file got on your server in the first place :errm:

Link to comment
Share on other sites
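A defensive audit covering the two checks raised in the posts above (script files such as sh.php sitting in world-writable folders like images/uploads, and a review of the access log), as an added example that is not part of any post or of CubeCart. The function names, the extension list and the combined access-log format are assumptions.

```shell
#!/bin/sh
# Added example: paths, extension list and log format are assumptions.

# Directories writable by every user (the "777" case).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Script-type files directly inside world-writable directories.
# An image upload folder has no reason to contain these.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
               -o -iname '*.pl' -o -iname '*.cgi' \) -print
    done
}

# From a combined-format access log ($1), print requests for script files
# under URL prefix $2: client, timestamp, method, path, status.
upload_script_hits() {
    awk -v prefix="$2" '
        {
            method = $6; sub(/^"/, "", method)
            path = $7;   sub(/\?.*/, "", path)
            if (index(path, prefix) == 1 &&
                tolower(path) ~ /\.(php[0-9]?|phtml|pl|cgi)$/)
                print $1, $4, $5, method, path, $9
        }' "$1"
}

# Usage: sh audit.sh /path/to/webroot [/path/to/access.log]
if [ "$#" -ge 1 ]; then
    scripts_in_writable_dirs "$1"
    if [ "$#" -ge 2 ]; then
        upload_script_hits "$2" /images/uploads/
    fi
fi
```

The earliest log line this prints for a given file gives a timestamp and client address to work back from when looking for the request that placed the file there.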

I'm in a worry about this. I've been hacked on my site (with my old host) on 3.0.4 CC; I'm now running on a new host with 3.0.7pl1, running OK.

But, can somebody post the correct folder permissions ????

As I upgraded from 3.0.4 to the latest I didn't run the install.php file, so I don't know if I'm running proper permissions on my new site :D ;)

Link to comment
Share on other sites

Guest esthervdwal

I've got a folder called .n3 that's on my server and I can't seem to delete it.

It says over and over again: permission denied.....

Link to comment
Share on other sites

Guest mashurst

My server does not run with register globals on, so I am good with CC 3.06. Before I knew that this was the problem and that I was OK, I performed the very first patch that was released, and I attempted 3.07, which failed. I have not done any other patches. After I performed the first patch, my upload and image management admin features do not work. If I change the permissions on the folders to 777 then the features work, but I am concerned that this will make my site vulnerable to attack. I have been just FTPing the images directly to the folder, but then the thumbnails don't create and it leaves the images with broken thumbnail links. Plus, my client isn't as adept at doing this and would prefer to use all of the admin panel functions. It looks like after I performed the first and second patches, the permissions were changed to 705, which doesn't allow the admin image management to work. When I try to upload or delete, I get some form of this message:

Permission denied in /hsphere/local/home/

My question is, what are the correct permissions? I am going to run with the original unpatched 3.06 upload.php file, as from what I understand it is OK to use that file based on my server configuration, "register globals off".

I am thinking because I tried 3.0 to 3.06 security patch 1 (modify upload.php) and then I tried 3.07 upload, and then had to go back to my 3.06 backup, that I should try 3.07v2 at this point because of my confused configuration?

-M ;)

Link to comment
Share on other sites

Guest Denver Dave

How are .php files being uploaded - don't we restrict by file type? Now I'm wondering about the avatar uploads on my phpBB forums. Combine this with the current unsolved Microsoft vulnerability for images and yikes!

;)

Link to comment
Share on other sites

Guest theorbo

esthervdwal, CONTACT YOUR HOST IMMEDIATELY!!! Get them to remove the file ASAP....

Denver Dave, there's been a variety of fixes for the WMF vulnerability online for 2 days. Simple goog search is your friend.

http://www.hexblog.com/

And there's now an MS patch - if that's your favorite flavor of protection.

http://www.microsoft.com/technet/security/...n/ms06-001.mspx

Link to comment
Share on other sites

I have never really got an answer in years of web work. Is having a folder set to 777 a security risk?

The only thing that 777 means is that any USER on the server can write to that folder. What it's usually used for is allowing the web server (which normally runs as user "nobody") to write files to the folder. This is perfectly normal and perfectly secure.....basically.

The problem comes when a script running on the server has a security hole which lets a malicious loser upload what he or she wants into that directory. So the problem is NOT the permissions, but rather poorly written scripts.

Hope this helps. :D

:)

Link to comment
Share on other sites
