Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page HACKED - Make sure you are secure
FAQ Community Calendar Today's Posts Search

Reply
Page 2 of 4 1 2 34
 
Thread Tools Display Modes
  #11  
Old 04-09-2009, 11:17 AM
mykes mykes is offline
 
Join Date: Feb 2005
Posts: 23
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Dismounted View Post
That's why vBulletin introduced CSRF protection.
Indeed. It's a good reason to always keep your vb3 up to date, version-wise (to get these kinds of fixes). Though installed hacks and mods that don't have CSRF built in are giant security holes.

Two mods I'd love to see, but haven't found here are:

1) Allow trusted users (e.g. by user group) to post HTML in forums. Right now, you can turn on HTML in one or more forums, but globally for all users.
2) Fix the HTML posting so it strips out script tags and other potentially malicious things (img with src=something.php?args - get rid of ?args)
Reply With Quote
  #12  
Old 04-09-2009, 11:52 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by mykes View Post
img with src=something.php?args - get rid of ?args
vBulletin already allows for this, inside vBulletin Options.
Reply With Quote
  #13  
Old 04-09-2009, 06:56 PM
StructuralNet StructuralNet is offline
 
Join Date: Mar 2009
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I guess the same would go with this code then? Looks like an
Code:
<html><body><script>alert('SwZNd');</script></body></html>

I found that in a PNG file on one of my clients accounts, along with a .zip file and a full directory of helpdesk software, along with a new database for that program.
Reply With Quote
  #14  
Old 04-10-2009, 03:44 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Anything that looks like that generally isn't good.
Reply With Quote
  #15  
Old 04-10-2009, 10:42 AM
StructuralNet StructuralNet is offline
 
Join Date: Mar 2009
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Dismounted View Post
Anything that looks like that generally isn't good.
Yuppp... I found that in a PNG file on two of my clients sites. Their sites have been running well over a year now for no problem, but as soon as I changed hosts it hit the fan. One of the programs installed a helpdesk on their account, even had access to mysql.

What does that code do, pretty much the same as above? Access a file in tmp to great un rooted access?

Dumped that host likes its hot.
Reply With Quote
  #16  
Old 04-10-2009, 11:25 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The code above doesn't do anything. It's just "test" script.
Reply With Quote
  #17  
Old 04-10-2009, 01:39 PM
StructuralNet StructuralNet is offline
 
Join Date: Mar 2009
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Dismounted View Post
The code above doesn't do anything. It's just "test" script.
Well somehow that image and that helpdesk was installed on the same day.. That site was open for at least a year - 2 weeks after I moved to a new host is when my vb forum got hacked and my clients site were hacked..

No security at all apparently..
Reply With Quote
  #18  
Old 04-12-2009, 05:19 AM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
How do you secure the tmp dir ? chown it?
Reply With Quote
  #19  
Old 04-12-2009, 07:45 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by |Jordan| View Post
How do you secure the tmp dir ? chown it?
Simple answer - use a different temp dir than the default /tmp one, chown / chmod that one and make sure anything active (PHP, SSI) isn't active there.
Related to the VPS issue and the "It's up to you" statement - that's only partially right. VPS run inside a virtual environment and if the hoster doesn't care about security updates it's possible - hard but possible - to break out from a VPS on the real server and from there, well, you can do everything.
Back to the "tmp dir" - set in php.ini a tempdir, outside the webroot of course and ensure your Webserver doesn't serve that directory.
And related to this base64 - I highly recommend reading some manuals about a "secure as possible" PHP setup. Just because it's set in the default php.ini, it doesn't mean it's good to be kept
Reply With Quote
  #20  
Old 04-13-2009, 02:58 AM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Angel-Wings View Post
Simple answer - use a different temp dir than the default /tmp one, chown / chmod that one and make sure anything active (PHP, SSI) isn't active there.
Related to the VPS issue and the "It's up to you" statement - that's only partially right. VPS run inside a virtual environment and if the hoster doesn't care about security updates it's possible - hard but possible - to break out from a VPS on the real server and from there, well, you can do everything.
Back to the "tmp dir" - set in php.ini a tempdir, outside the webroot of course and ensure your Webserver doesn't serve that directory.
And related to this base64 - I highly recommend reading some manuals about a "secure as possible" PHP setup. Just because it's set in the default php.ini, it doesn't mean it's good to be kept
Chown it as a different user other than root?
Reply With Quote
Reply
Page 2 of 4 1 2 34

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:04 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05144 seconds
  • Memory Usage 2,255KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete