Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
Posted: Tue Sep 27, 2005 3:28 am Post subject: My site defaced - now what?
I recently had my site defaced. I'm hoping for help trying to sort out how they did it and how I can block the hole. My setup is as follows:
Abyss X2 2.0.6
Invision Power Board 1.3 Final
Pivot Blog 1.30 alpha 3: 'Rippersnapper'
Perl is installed for my access stats, and Coranto, both of which are password protected by Abyss.
PHP is 4.3.1
To my knowledge there are no vulns in these packages, but there's obviously something broken somewhere.
If anyone has a suggestion on how I might track down the exploit I'd love to hear it.
EDIT: I've been told by one of the defacer's crew (they were kind enough to leave their IRC lair in the deface page) that they used a hack in Invision's pollrenderer.php.
Now to solve that hole...
p3 -
Joined: 17 Jun 2005 Posts: 615
Posted: Tue Sep 27, 2005 3:56 am
Check your server logs and see where they were and what they did. My guess is they injected some code that allows them to edit pages.
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
Posted: Tue Sep 27, 2005 4:34 am
If they used a PHP exploit to do the job there wouldn't be any upload records on the server log, would there?
Found the hack. It's a Pivot exploit.
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
Posted: Tue Sep 27, 2005 8:42 am
DDoSing is your friend.
Arctic -
Joined: 24 Sep 2004 Posts: 560
Posted: Tue Sep 27, 2005 12:47 pm
You got hacked because you used some weird, completely weirdly named PHP script...?
Just do something else for your forum like bMachine, or BoostMachine. It works MUCH better than whatever you are using.
cmxflash -
Joined: 11 Dec 2004 Posts: 872
Posted: Tue Sep 27, 2005 1:06 pm
[Removed]
Last edited by cmxflash on Sun Nov 12, 2006 1:15 am; edited 1 time in total
aprelium -
Joined: 22 Mar 2002 Posts: 6800
Posted: Tue Sep 27, 2005 1:37 pm Post subject: Re: My site defaced - now what?
Lawrence wrote:
> PHP is 4.3.1
> To my knowledge there are no vulns in these packages, but there's obviously something broken somewhere.

PHP 4.3.1 is not the latest version (it was released on February 17, 2003) and there were at least 10 versions released after it, some of them fixing serious security holes.
So we recommend updating your PHP 4 installation as soon as possible. The latest is 4.4.0.
Support Team
Aprelium - http://www.aprelium.com
cmxflash -
Joined: 11 Dec 2004 Posts: 872
Posted: Tue Sep 27, 2005 2:31 pm
[Removed]