Website hacked again

Bruce B

Website hacked again

#1 Post by Bruce B »

@ <www.puppylinux.org>

Same problem as before: hundreds of evil hyperlink referrals hidden with this CSS tag:

<font style='position: absolute;overflow: hidden;height: 0;width: 0'>
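
One way to check restored pages for the injection described in post #1, as an added example that is not part of the original thread. It generalises slightly by flagging links inside any zero-sized `overflow: hidden` element rather than only a `font` tag; the function names and the `spam.example` sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag
ZERO = re.compile(r"0+(\.0+)?(px|em|pt|%)?")

def hides_content(style):
    """True for a zero-sized box that clips overflow (the pattern in post #1)."""
    props = {}
    for decl in style.lower().split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip()] = value.strip()
    return (props.get("overflow") == "hidden"
            and ZERO.fullmatch(props.get("height", "")) is not None
            and ZERO.fullmatch(props.get("width", "")) is not None)

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []         # (tag, hides_content) for each open element
        self.hidden_links = []  # (line number, href)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href") and any(h for _, h in self.stack):
            self.hidden_links.append((self.getpos()[0], a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hides_content(a.get("style") or "")))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed inner tags.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden_links

# Constructed sample: one normal link, two links inside the hidden wrapper.
SAMPLE = """<html><body>
<a href="/download.html">Download</a>
<font style='position: absolute;overflow: hidden;height: 0;width: 0'>
<a href="http://spam.example/one">x</a>
<b><a href="http://spam.example/two">y</a></b>
</font></body></html>"""
```

Running `find_hidden_links` over every served file after a restore shows whether the hidden block has come back, which is the situation reported later in the thread.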

puppyluv
Posts: 22
Joined: Fri 21 Mar 2008, 12:54
Location: USA

#2 Post by puppyluv »

I wonder how this keeps happening, and is the site running the latest version of php-fusion? (6.01.13). Maybe there's a permissions issue on some of the files. I run php-fusion on five different sites and haven't had this problem.

If the site's running an older version of php-fusion, it could be a security issue that needs to be looked into.
"Whatever is subject to origination is all subject to cessation." - Kutthi Sutta.

Dell PowerEdge SC430 Server | 2Gb RAM | Pentium 4 | SATA | Puppy 4.2

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

corrected

#3 Post by raffy »

Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only): http://puppylinux.info/topic/freeoffice-2012-sfs

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

Re: corrected

#4 Post by tlchost »

raffy wrote:Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.
If the problem is with the site software, moving to a new host may only be a temporary fix.

Bruce B

Re: corrected

#5 Post by Bruce B »

raffy wrote:Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.
I don't know how to read that. Were files restored? If so then the site has been compromised again, after my post.

In any event it's compromised at the time of this post.

puppyluv
Posts: 22
Joined: Fri 21 Mar 2008, 12:54
Location: USA

Re: corrected

#6 Post by puppyluv »

tlchost wrote: If the problem is with the site software, moving to a new host may only be a temporary fix.
True. Looking at the source code doesn't reveal what version of the portal it's using, but the latest version is 6.01.13. There were some security issues in the previous versions, such as with photogallery.php, etc. - these were mostly SQL injection problems which have now been fixed as far as can be seen.

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

New website

#7 Post by raffy »

The new website will use another CMS, see here.

Bruce B

#8 Post by Bruce B »

Thanks Raffy,

Q: Are we changing web admins?

Q: Is WhoDo the admin?

Q: Do you know if it's running on Microsoft? Reason I ask, is well, if I find it is, I'm not even going to care what happens to it.

TIA

Bruce

WhoDo
Posts: 4428
Joined: Wed 12 Jul 2006, 01:58
Location: Lake Macquarie NSW Australia

#9 Post by WhoDo »

Bruce B wrote:Q: Are we changing web admins?
Sort of. Our usual web admin at the present site, Puppian, has fallen by the wayside. There will be not 1 but 4 web admins at the new site.
Bruce B wrote:Q: Is WhoDo the admin?
One of the four, yes.
Bruce B wrote:Q: Do you know if it's running on Microsoft? Reason I ask, is well, if I find it is, I'm not even going to care what happens to it.
Nope. The new web site is running on Linux, Apache, MySql and PHP, all the latest versions. The new CMS is Drupal 5.7 at the moment, but will be upgraded to 6.x or maybe 7.x when things have settled a little on the development front. Security should be much better, as we aren't sharing a cluster with pron sites (as we apparently are at servage.net).

Hope that helps.
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com

Bruce B

#10 Post by Bruce B »

WhoDo,

Nobody likes a spellchecker on forums. But this time, considering how sweet and naive you are, I wish to say we spell porn - porn not pron.

Of course I've never actually seen porn, I just live close to the porn capital of the world.

My good looking nephew knows most of the porn stars, and they like him, but he won't do anything with them. He has some idea one of the hazards of the business is STDs whatever that is.

Bruce

Bruce B

#11 Post by Bruce B »

Oh yeah, back to the subject. My guess is it's not things like Drupal that are as much a problem as:
  1) setting permissions
  2) being careful about what modules to install
If you need help, I have a geek brother, PM me, it wouldn't hurt to ask him for help.

Bruce B

#12 Post by Bruce B »

Oh yeah another comment WhoDo - about Microsoft and Windows.

Six, seven or eight years ago, I'd roll up my sleeves and help people with their Windows problems. Users didn't have much alternative back then.

Today, I think people use Windows by default of ignorance or because they want to. My feeling is let them have the full experience. I don't want to use what little technical expertise I have trying to make something I don't believe in look good.

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

#13 Post by tlchost »

Bruce B wrote: Today, I think people use Windows by default of ignorance or because they want to. My feeling is let them have the full experience. I don't want to use what little technical expertise I have trying to make something I don't believe in look good.
There are some valid reasons that people use windows...and your "helpful" attitude might really assist them in seeing the wisdom of investigating the ever-friendly world of another OS.

Of course we can always blame windows for a web site that runs on a linux server using Apache and php applications for the site being hacked...or maybe the evil users who use windows and visit the site are somehow leaving traces of evilness after their visit.

Bruce B

#14 Post by Bruce B »

tlchost wrote:
Bruce B wrote:
There are some valid reasons that people use windows...and your "helpful" attitude might really assist them in seeing the wisdom of investigating the ever-friendly world of another OS.
I don't want to help these criminals. THAT IS A SERIOUS MORAL AND ETHICAL CONSIDERATION.

Let me mention also that Microsoft is a serious enemy of FOSS - I'll take sides in the war Microsoft insists it must have.

I am a Linux advocate, and helping Microsoft is not part and parcel with my being a Linux advocate.

Microsoft are big boys and they can help themselves and their user base as they please.

If there are valid reasons for people using Windows as you say and I'm sure there are, then why would someone need or want another OS?

On the other hand if I use my talents, (which are actually good when I can get my hands on the machine) and I make Windows work right - what incentive for looking into an alternative?

Let Microsoft frustrate their customers and I'll just sit by and do my thing on Linux and help people with Linux. And like I imply, let the Microsoft users which are Microsoft's supports work through their frustrations as they decide if it is really worth it.

Over three thousand posts and most of them were helping people with Linux. Very, very few were helping people with Microsoft.

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

#15 Post by tlchost »

Bruce B wrote:
I am a Linux advocate, and helping Microsoft is not part and parcel with my being a Linux advocate.
And by extension you would/will not help a windows user? Perhaps you are confusing Microsoft and your negative feeling about them with folks who use their OS and/or applications?
Bruce B wrote: If there are valid reasons for people using Windows as you say and I'm sure there are, then why would someone need or want another OS?
Well, let's see:
A. Someone might realize that no OS is best for ALL tasks, and thus uses the OS that gives them the best results,
B. Someone values their time, and may be more comfortable using an OS/application that works out of the box without having to install libraries, etc.
C. Someone who earns money in the computer field might have a need to use more than one OS.
D. There may be applications a user wants/needs that in his/her opinion are more efficient or exist for a different OS.
E. Someone might be forced to use an OS because of a work environment, yet want to learn about another platform.
Bruce B wrote: On the other hand if I use my talents, (which are actually good when I can get my hands on the machine) and I make Windows work right - what incentive for looking into an alternative?
See above
Bruce B wrote: And like I imply, let the Microsoft users which are Microsoft's supports work through their frustrations as they decide if it is really worth it.
Your bias and anti-Microsoft attitude is quite clear. It does nothing to help anyone, Microsoft nor Linux users alike.

In some ways it reminds me of someone in shop class who has become an expert with a ball peen hammer...and who insists that there is no place for a claw hammer, or a box hammer.....it's a valid attitude, but folks who have other tasks than those of peening might find it a bit tiresome.

Bruce B

#16 Post by Bruce B »

And by extension you would/will not help a windows user? Perhaps you are confusing Microsoft and your negative feeling about them with folks who use their OS and/or applications?
Microsoft had their customer base. Those are the people who keep Microsoft in the money.

Let them have their reward for the money they pay. The good and the bad.

I've not given them a nickel in software for the last eight years. More people like me and Microsoft would have to compete rather than bully - if they want business.

If I bought Microsoft software, I'd feel guilty for helping such bad people.

I'd feel guilty if I helped you get your Microsoft running nice and smooth. Why should I do anything at all to help bad guys look good?

You are judging me and I'm not a criminal or a bad guy. Not that I'm bothered, I'm not.

How much harder should you judge criminal ethics and behavior?

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

#17 Post by tlchost »

Bruce B wrote: I'd feel guilty if I helped you get your Microsoft running nice and smooth. Why should I do anything at all to help bad guys look good?

You are judging me and I'm not a criminal or a bad guy. Not that I'm bothered, I'm not.

How much harder should you judge criminal ethics and behavior?
I can tell you're not bothered...that's why you keep the thread going.

I never said you were a criminal or a bad guy...I might be tempted to use words like petty.

I think you did a marvelous job of avoiding most of the issues about user needs, user choice, etc. You aren't in any way paid to do customer support, are you? I know with your attitude if you worked for me, you'd be out the door....because the customers who need help simply wouldn't put up with you.

I'm glad that not all Linux and/or Windows devotees are as biased as you seem to be....

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#18 Post by Sage »

Over here, we use a ball-pein hammer to peen over a metal edge. Allegorical, I presume.

jonyo

#19 Post by jonyo »

Linux folks are a whole diff breed from the win & even ~ real world.
http://linux.oneandoneis2.org/LNW.htm
Problem #3: Culture shock
Subproblem #3a: There is a culture

Windows users are more or less in a customer-supplier relationship: They pay for software, for warranties, for support, and so on. They expect software to have a certain level of usability. They are therefore used to having rights with their software: They have paid for technical support and have every right to demand that they receive it. They are also used to dealing with entities rather than people: Their contracts are with a company, not with a person.

Linux users are in more of a community. They don't have to buy the software, they don't have to pay for technical support. They download software for free & use Instant Messaging and web-based forums to get help. They deal with people, not corporations.
In the linux crowd, you will certainly have folks who absolutely hate anything to do with win & they freely speak their minds here.

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

#20 Post by tlchost »

Sage wrote:Over here, we use a ball-pein hammer to peen over a metal edge. Allegorical, I presume.
You use it because it's the appropriate tool for the job I would think. I wouldn't think you'd use it to erect framing for a house...unless you were absolutely certain that the Framing Company was evil, or that the only real, true and blessed hammer company was that that makes the ball peen version. Heck you might even create a nick name of Framez for the bad hammers.
