www.clan-themes.co.uk :: View topic - **IMPORTANT** Hall of Shame Module Vulnerability Found
**IMPORTANT** Hall of Shame Module Vulnerability Found
Posted: Wed Sep 26, 2007 8:15 pm
I would like to inform the community that I discovered a vulnerability in the Hall of Shame Module (HoS) I wrote.
It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account, so I did some searching and found out there were files uploaded to the HoS punkss and punkdemo folders, where files uploaded by admins are stored.
It seems they were using my server as a mail and chat relay. I'm still looking into the matter to figure out how they got in and how to make sure it doesn't happen again, but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.
The first step is to check for any subfolders under punkss and punkdemos and delete ANY and ALL subfolders you find. The subfolders I found were named _vti_bin and ... and .a
After that, create an .htaccess file with the following lines in it and put it in those folders.
<Limit GET POST>
order deny,allow
deny from all
</Limit>
This should protect you until I can create an update with security fixes.
Lastly, check to make sure you have no cron jobs scheduled which you did not create.
Also, as an extra measure, if you did have these subfolders I would recommend that all admins change their passwords, and also your hosting company passwords. (I don't believe my passwords were compromised, as I would have found additional traces of files elsewhere, but I like to err on the side of caution at times like these.)
Sorry I don't have an update yet, but I just found out about this in the past hour and wanted to inform everyone right away. I will do my best to come up with an update by this weekend sometime.
Thank You,
Duck
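As an added example that is not part of the original post, here is a small shell script for the checks described above: it lists every subdirectory under the upload folders (hidden names such as ... and .a included) together with their modification times so they can be recorded before deletion, writes the deny-all .htaccess from the post into a folder, and shows the account's crontab. The module install path and the folder names punkss/punkdemo are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits the HoS upload
# folders for subdirectories that should not exist, records their
# modification times before anything is deleted, and writes the deny-all
# .htaccess from the post. All paths below are assumptions.

# Print every immediate subdirectory of $1, including hidden names such as
# "..." and ".a" that a plain "ls" would not show. Prints nothing if $1 is absent.
list_suspect_subdirs() {
    base="$1"
    [ -d "$base" ] || return 0
    find "$base" -mindepth 1 -maxdepth 1 -type d
}

# Number of such subdirectories, as a bare integer on stdout.
count_suspect_subdirs() {
    list_suspect_subdirs "$1" | wc -l | tr -d ' '
}

# Write the directives from the post into $1/.htaccess (Apache 2.2 syntax).
# <Limit> covers only the methods listed, so this blocks GET and POST and
# leaves any other HTTP method untouched.
write_deny_htaccess() {
    printf '%s\n' '<Limit GET POST>' 'order deny,allow' 'deny from all' '</Limit>' \
        > "$1/.htaccess"
}

# Report each upload folder given as an argument: list suspect subdirectories
# with owner and mtime (ls -ld keeps the evidence readable), then show this
# account's crontab so unexpected jobs stand out.
audit_hos_uploads() {
    total=0
    for base in "$@"; do
        n=$(count_suspect_subdirs "$base")
        echo "== $base: $n unexpected subdirectories"
        list_suspect_subdirs "$base" | while IFS= read -r d; do
            ls -ld "$d"          # mode, owner, modification time, name
        done
        total=$((total + n))
    done
    echo "== crontab for $(id -un):"
    crontab -l 2>/dev/null || echo "(no crontab installed)"
    echo "total suspect subdirectories: $total"
}

# Hypothetical install path; point HOS_DIR at where the module lives on your host.
HOS_DIR="${HOS_DIR:-/path/to/modules/Hall_of_Shame}"
audit_hos_uploads "$HOS_DIR/punkss" "$HOS_DIR/punkdemo"
```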
floppy
**important** hos vulnerability found!
Posted: Wed Sep 26, 2007 10:02 pm
**important** hos vulnerability found!
Posted: Wed Sep 26, 2007 11:32 pm
I'd also like to ask: if anyone has found they're compromised, can they please note the modified times of the subfolders (before you delete them, of course) and, if possible, send me copies of any log files they have for those times to help me track what exactly they did to get in. Or any other info you might think is useful.
Thanks.
Ped
Re: **important** hos vulnerability found!
Posted: Thu Sep 27, 2007 9:01 am
**IMPORTANT** Hall of Shame Module Vulnerability Found
Posted: Thu Sep 27, 2007 3:38 pm
Thanks,
Yes, I still haven't been able to confirm how they did it. It is possible it is not related to the scripts themselves and is actually a problem related to one of my admins, but until I can be sure I wanted to spread the word and keep people safe. This is why I am also asking anyone to contact me if they find they have been compromised, so I can make sure it is the scripts and not something else. Unfortunately my log files are of no use because I did a server move recently and can't check to see how they were able to compromise me, which makes my problem of troubleshooting more difficult. I will keep everyone updated though once I figure it out.
All times are GMT