Pixelated a phpBB Template by SkaidonDesigns
 
Kaktusan Corp. Support Area Forum Index
www.kaktusancorp.com
www.cheapestadultscripts.com
Play with the Best, be the Best!
Rocket Pinger
FAQ
Search
Memberlist
Usergroups
Profile
Log in to check your private messages
Log in

The Mightiest Webmaster Solutions Ever
Kaktusan Cash
Kaktusan Cash
Links Organizer
Links Organizer
Blogs Automater
Blogs Automater
Plug Rush
Plug Rush

Haven't registered yet? Do it here now!
security issue

 
Post new topic   Reply to topic    Kaktusan Corp. Support Area Forum Index -> Site Organizer
View previous topic :: View next topic  
Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Fri May 18, 2012 3:32 pm    Post subject: security issue Reply with quote
hi,
i have had some security issues recently with Site Organizer. Apparently, a hacker has been able to overwrite files in the sohtml directory (he added an include file which then redirects surfers).

I am running SO 2.5. Are there any security updates that I should install? Have you seen this issue before? My host says its because the sohtml directory is 777, if I change those rights to 755 will it break the script?

This has happened 3 times in the past few weeks on me, each time I have had my host National Net involved to run security scans and to get things fixed up (the files are owned by the server so I cannot edit them directly) so I suspect this hacker will be back to do it again....so I need to get this fixed up! Any help is appreciated.

cheers
Luke
Back to top
View user's profile Send private message

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Fri May 18, 2012 3:50 pm    Post subject: Reply with quote
one other note, I have already done all the usual security stuff like change my passwords, my ftp passwords, etc to random string 10+ character passwords...that was the first "fix it" that was done by my host, yet the hacker returned for the second time and added the includes only 3 days later.
Back to top
View user's profile Send private message

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Fri May 18, 2012 4:16 pm    Post subject: Reply with quote
My host has suggested that I change the location of the existing SO script so that its in a random folder instead, for instance, it is currently at
http://domain.com/so/

My host suggested changing this to http://domain.com/awerasd/so/

Will SO still work OK or are there any files or crontabs that I need to change as well?

(ps...its really difficult to post on this forum when I have to wait ~15 minutes between posts)
Back to top
View user's profile Send private message

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Fri May 18, 2012 7:15 pm    Post subject: Reply with quote
hi there, yes the files are writable, but the hacker is getting into the machine somehow to be able to touch these files, so you and your host should be looking into that direction.. It is normal when a hacker breaks in to touch the writable files, since it can't touch anything else.. All times my clients had such problems, the hackers usually got in through Wordpress, TGP or Trade script that is on their server and from there they spread across..

Yes, you can put SO in whatever inner folder you want. What you will need to change if you do that with your existing so is editing the cronjob to match the new directory, editing your sites where you have the SO include code for calling templates and probably changing in script's settings the new location to the thumbs
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Fri May 18, 2012 9:22 pm    Post subject: Reply with quote
thanks, it looks like the hacker was able to get files uploaded into other writeable directories as well & not just SO, my host is investigating and trying to close up any holes.

one other quick question, i tried protecting the SO directory with an htaccess file but that causes the sites using SO to fail since they need access to that directory (same with BO & GS, which I also own). Is there any way to do htaccess protection in SO, BO and GS?
Back to top
View user's profile Send private message

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Fri May 18, 2012 9:43 pm    Post subject: Reply with quote
the specific directories that I need to address are:
/bo/
/bo/boimages/temp/
/so/sohtml/
Back to top
View user's profile Send private message

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Sat May 19, 2012 7:13 am    Post subject: Reply with quote
Hi there, no there isn't htaccess protection due to the nature of the multidomain purpose of the scripts
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Mon May 21, 2012 12:36 am    Post subject: Reply with quote
the file that is being used by the hacker is /so/sohtml/ and /so/sotemp/

Can these two files be set to chmod 755?
Back to top
View user's profile Send private message

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Mon May 21, 2012 9:50 am    Post subject: Reply with quote
those are directories.. yes, you can chmod them to to 755 as long as SO will still be able to write in them
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
hunkmoney



Joined: 15 Feb 2008
Posts: 41

PostPosted: Tue May 22, 2012 8:17 pm    Post subject: Reply with quote
thanks, it looks like the hacker found a bunch of writeable files and directories and uploaded shell scripts in each spot he could.

Question, with BO, there are a lot of 777 directories. Is is possible to use htaccess protection to allow only the BO domain to access those directories, and still have the blogs function?
Back to top
View user's profile Send private message

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Tue May 22, 2012 8:36 pm    Post subject: Reply with quote
yes, with htaccess you can deny anyone to get into those dirs, but you need to allo in it all your blogs` domains.

Also in BO in "General Settings->File Permissions" you can set BO to build the files with whatever permissions you like and you can take down the 777 directories to 755, just make sure BO is able to write after that...
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
goldengob



Joined: 19 Dec 2006
Posts: 26
Location: USA

PostPosted: Tue Jul 03, 2012 7:12 pm    Post subject: Reply with quote
I'm getting this on login:
Fatal error: Incompatible file format: The encoded file has format major ID 0, whereas the Optimizer expects 2 in /home/username/public_html/so/index.php on line 0

Have I been hacked too, or is this something else...
How do I correct it?

Thx!
_________________
Mrpinkie.com
Back to top
View user's profile Send private message Visit poster's website

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Tue Jul 03, 2012 8:47 pm    Post subject: Reply with quote
no, that has nothing to do with hacking...

your server seem to be recently upgraded... See what PHP and Zend Optimizer/Guard you are on now and let me know...
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
goldengob



Joined: 19 Dec 2006
Posts: 26
Location: USA

PostPosted: Tue Jul 03, 2012 9:32 pm    Post subject: Reply with quote
The host tells me:

php 5.2.17
zend 3.3.9

but they deny any recent upgrades, so I don't know.
_________________
Mrpinkie.com
Back to top
View user's profile Send private message Visit poster's website

Author Message
kaktus
Owner


Joined: 22 May 2004
Posts: 1576
Location: CheapestAdultScripts.com

PostPosted: Wed Jul 04, 2012 5:06 am    Post subject: Reply with quote
Well, then could be server move, hdd swap, or something else..

To fix, download the upgrade package from my site and do an upgrade..
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number

Author Message
goldengob



Joined: 19 Dec 2006
Posts: 26
Location: USA

PostPosted: Wed Jul 04, 2012 3:39 pm    Post subject: Reply with quote
That worked great thanks!
_________________
Mrpinkie.com
Back to top
View user's profile Send private message Visit poster's website

Display posts from previous:   
Post new topic   Reply to topic    Kaktusan Corp. Support Area Forum Index -> Site Organizer All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group


 
phpBB Template designed by SkaidonDesigns