
  **IMPORTANT** HoS Vulnerability Found!

Posted on Wednesday, September 26, 2007 @ 17:04 by floppy
Duck writes
I would like to inform the community that I discovered a vulnerability in the Hall of Shame Module (HoS) I wrote.

It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account so I did some searching and found out there were files uploaded to the HoS punkss and punkdemo folders where files uploaded by admins are stored.

It seems they were using my server as a mail and chat relay. I am still looking into the matter to figure out how they got in and how to make sure it doesn't happen again, but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.

First step to do is check for any subfolders under punkss and punkdemos and delete ANY and ALL subfolders you find. The subfolders I found were named _vti_bin and ... and .a. After that, create an .htaccess file with the following lines in it and put it in those folders.

<Limit GET POST>
order deny,allow
deny from all
</Limit>

This should protect you till I can create an update with security fixes.

Lastly, check to make sure you have no cron job scheduled which you did not create.

Also, as an extra measure, if you did have these subfolders existing I would recommend all admins change their passwords and also your hosting company passwords. (I don't believe my passwords were compromised, as I would have found additional traces of files elsewhere, but I like to err on the side of caution during these times.)

Sorry I don't have an update yet, but I just found out about this in the past hour and want to inform everyone right away. I will do my best to come up with an update by this weekend sometime.

Thank You,

Duck
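The checks from the post above, as an added POSIX shell example that is not Duck's code or part of the HoS module: it lists every subfolder under the upload folders (including dot-named ones like .a and ..., which a plain ls hides), reports them rather than deleting them so you can inspect first, writes the deny-all .htaccess if it is missing, and prints the account's crontab. The folder names punkss and punkdemo come from the post; the web root path is an assumption.

```shell
#!/bin/sh
# Added example (not the original post's code): audit the HoS upload folders
# for rogue subfolders and add the deny-all .htaccess. Folder names are from
# the post; the web root is an assumption, adjust it for your install.
WEBROOT="${WEBROOT:-/var/www/html/modules/HoS}"   # assumed path

# Print every direct subdirectory of an upload folder, one per line.
# Dot-named entries such as ".a" and "..." are included; a plain "ls"
# without -a hides them, which is how they can go unnoticed.
find_rogue_subdirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d
}

# Count the subdirectories found (non-zero means something to look at).
count_rogue_subdirs() {
    find_rogue_subdirs "$1" | wc -l | tr -d ' '
}

# Write the deny-all .htaccess from the post into the given folder so
# Apache refuses GET and POST requests for anything dropped in there.
write_deny_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
<Limit GET POST>
order deny,allow
deny from all
</Limit>
EOF
}

# Return 0 if the folder already carries the deny-all rule, non-zero otherwise.
htaccess_is_locked() {
    grep -qs '^deny from all' "$1/.htaccess"
}

# Audit one upload folder: report rogue subfolders (this only reports,
# so you can inspect before deleting) and ensure the .htaccess exists.
audit_upload_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    n=$(count_rogue_subdirs "$dir")
    [ "$n" -eq 0 ] || { echo "$n unexpected subfolder(s) in $dir:"; find_rogue_subdirs "$dir"; }
    htaccess_is_locked "$dir" || { write_deny_htaccess "$dir"; echo "wrote .htaccess in $dir"; }
}

# Stand-alone run: audit both folders, then list the account's crontab so
# a job you did not create stands out (set HOS_AUDIT_RUN=1 to execute).
if [ "${HOS_AUDIT_RUN:-0}" = 1 ]; then
    for d in punkss punkdemo; do audit_upload_dir "$WEBROOT/$d"; done
    crontab -l 2>/dev/null || echo "(no crontab for this account)"
fi
```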


floppy

floppy writes 
Thanks for letting us know.

Wednesday, September 26, 2007 @ 18:38

SteveT1967

SteveT1967 writes 
Thanks - good info - gotta stay up on security - too many hackers out there

Thursday, September 27, 2007 @ 11:27

monobox

monobox writes 
thanks a lot

Sunday, September 30, 2007 @ 11:47

monobox

monobox writes 
Nice, I will check it out

Sunday, September 30, 2007 @ 12:14

Duck

Duck writes 
After further investigation this appears not to be a vulnerability with the script itself but a directory permission issue with my server. I have yet to find anyone else compromised, and I have also checked my code carefully and it is about as secure as one can get with uploads. I have however given it considerable thought and have had some new ideas that I might develop in a future version I have planned that may incorporate even more security. For now I recommend people do not use the default directory for screenshots and PB and keep an eye on those directories for tampering. But overall I am fairly confident people will find the scripts themselves safe.

Tuesday, October 02, 2007 @ 10:07

monobox

monobox writes 
Thanks for letting us know.
we will keep up

Saturday, October 20, 2007 @ 23:38

spec4

spec4 writes 
sweet, thanks for the updates... can't wait to see what you add.

Saturday, November 03, 2007 @ 16:01
