Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 23 Jul 2014, 10:06
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Misc
Website hacked again
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 6 [79 Posts]   Goto page: 1, 2, 3, 4, 5, 6 Next
Author Message
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Mon 24 Mar 2008, 01:38    Post subject:  Website hacked again  

@ <www.puppylinux.org>

same problem as before, hundreds of evil hyper link referals hidden with this CSS tag

<font style='position: absolute;overflow: hidden;height: 0;width: 0'>
Back to top
View user's profile Send private message 
puppyluv


Joined: 21 Mar 2008
Posts: 22
Location: USA

PostPosted: Mon 24 Mar 2008, 09:10    Post subject:  

I wonder how this keeps happening, and is the site running the latest version of php-fusion? (6.01.13). Maybe there's a permissions issue on some of the files. I run php-fusion on five different sites and haven't had this problem.

If the site's running an older version of php-fusion, it could be a security issue that needs to be looked into.

_________________
"Whatever is subject to origination is all subject to cessation." - Kutthi Sutta.

Dell PowerEdge SC430 Server | 2Gb RAM | Pentium 4 | SATA | Puppy 4.2

Back to top
View user's profile Send private message 
raffy

Joined: 25 May 2005
Posts: 4759
Location: Manila

PostPosted: Mon 24 Mar 2008, 09:48    Post subject: corrected  

Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.

_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Back to top
View user's profile Send private message 
tlchost

Joined: 05 Aug 2007
Posts: 1667
Location: Baltimore, Maryland USA

PostPosted: Mon 24 Mar 2008, 20:07    Post subject: Re: corrected  

raffy wrote:
Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.


If the problem is with the site software, moving to a new host may only be a temporary fix.
Back to top
View user's profile Send private message Visit poster's website 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Mon 24 Mar 2008, 20:28    Post subject: Re: corrected  

raffy wrote:
Whoever it is, he can access the root folder to change index.html and chmod files in a subdirectory.

Files restored again. Hope we can move soon to a new host.


I don't know how to read that. Were files restored? If so then the site has been compromised again, after my post.

In any event it's compromised at the time of this post.
Back to top
View user's profile Send private message 
puppyluv


Joined: 21 Mar 2008
Posts: 22
Location: USA

PostPosted: Mon 24 Mar 2008, 20:49    Post subject: Re: corrected  

tlchost wrote:

If the problem is with the site software, moving to a new host may only be a temporary fix.


True. Looking at the source code doesn't reveal what version of the portal it's using, but the latest version is 6.01.13. There were some security issues in the previous versions such as with photogallery.php, etc. - these were mostly sql injection problems which have now been fixed as far as can be seen.

_________________
"Whatever is subject to origination is all subject to cessation." - Kutthi Sutta.

Dell PowerEdge SC430 Server | 2Gb RAM | Pentium 4 | SATA | Puppy 4.2

Back to top
View user's profile Send private message 
raffy

Joined: 25 May 2005
Posts: 4759
Location: Manila

PostPosted: Tue 25 Mar 2008, 01:34    Post subject: New website  

The new website will use another CMS, see here.
_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 25 Mar 2008, 06:19    Post subject:  

Thanks Raffy,

Q: Are we changing web admins?

Q: Is WhoDo the admin?

Q: Do you know if it's running on Microsoft? Reason I ask, is well, if I find it is, I'm not even going to care what happens to it.

TIA

Bruce
Back to top
View user's profile Send private message 
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

PostPosted: Tue 25 Mar 2008, 06:28    Post subject:  

Bruce B wrote:
Q: Are we changing web admins?

Sort of. Our usual web admin at the present site, Puppian, has fallen by the wayside. There will be not 1 but 4 web admins at the new site.

Bruce B wrote:
Q: Is WhoDo the admin?

One of the four, yes.

Bruce B wrote:
Q: Do you know if it's running on Microsoft? Reason I ask, is well, if I find it is, I'm not even going to care what happens to it.

Nope. The new web site is running on Linux, Apache, MySql and PHP, all the latest versions. The new CMS is Drupal 5.7 at the moment, but will be upgraded to 6.x or maybe 7.x when things have settled a little on the development front. Security should be much better, as we aren't sharing a cluster with pron sites (as we apparently are at servage.net).

Hope that helps.

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 25 Mar 2008, 07:39    Post subject:  

WhoDo,

Nobody likes a spellchecker on forums. But this time, considering how sweet and naive you are, I wish to say we spell porn - porn not pron.

Of course I've never actually seen porn, I just live close to the porn capitol of the world.

My good looking nephew knows most of the porn stars, and they like him, but he won't do anything with them. He has some idea one of the hazards of the business are STDs whatever that is.

Bruce
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 25 Mar 2008, 07:44    Post subject:  

Oh yeah, back to the subject. My guess is it's not things like Drupal that are as much a problem as:

    1) setting permissions
    2) being careful about what modules to install


If you need help, I have a geek brother, PM me, it wouldn't hurt to ask him for help.
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 25 Mar 2008, 07:50    Post subject:  

Oh yeah another comment WhoDo - about Microsoft and Windows.

Six, seven or eight years ago, I'd roll up my sleeves and help people with their Windows problems. Users didn't have much alternative back then.

Today, I think people use Windows by default of ignorance or because they want to. My feelings is let them have the full experience. I don't want to use what little technical expertise I have trying to make something I don't believe in look good.
Back to top
View user's profile Send private message 
tlchost

Joined: 05 Aug 2007
Posts: 1667
Location: Baltimore, Maryland USA

PostPosted: Tue 25 Mar 2008, 09:05    Post subject:  

Bruce B wrote:

Today, I think people use Windows by default of ignorance or because they want to. My feelings is let them have the full experience. I don't want to use what little technical expertise I have trying to make something I don't believe in look good.


There are some valid reasons that people use windows...and your "helpful" attitude might really assist them in seeing the wisdom of investigating the ever-friendly world of another OS.

Of course we can always blame windows for a web site that runs on a linux server using Apache and php applications for the site being hacked...or maybe the evil users who use windows and visit the site are somehow leaving traces of evilness after their visit.
Back to top
View user's profile Send private message Visit poster's website 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 25 Mar 2008, 09:49    Post subject:  

[quote="tlchost"]
Bruce B wrote:


There are some valid reasons that people use windows...and your "helpful" attitude might really assist them in seeing the wisdom of investigating the ever-friendly world of another OS.



I don't want to help these criminals. THAT IS A SERIOUS MORAL AND ETHICAL CONSIDERATION.

Let me mention also that Microsoft is a serious enemy of FOSS - I'll take sides in the war Microsoft insists it must have.

I am a Linux advocate, and helping Microsoft is not part and parcel with my being a Linux advocate.

Microsoft are big boys and they can help themselves and their user base as they please.

If there are valid reasons for people using Windows as you say and I'm sure there are, then why would someone need or want another OS?

On the other hand if I use my talents, (which are actually good when I can get my hands on the machine) and I make Windows work right - what incentive for looking into an alternative?

Let Microsoft frustrate their customers and I'll just sit by and do my thing on Linux and help people with Linux. And like I imply, let the Microsoft users which are Microsoft's supports work through their frustrations as they decide if it is really worth it.

Over three thousands posts and most of them were helping people with Linux. Very, very few were helping people with Microsoft.
Back to top
View user's profile Send private message 
tlchost

Joined: 05 Aug 2007
Posts: 1667
Location: Baltimore, Maryland USA

PostPosted: Tue 25 Mar 2008, 10:13    Post subject:  

Bruce B wrote:


I am a Linux advocate, and helping Microsoft is not part and parcel with my being a Linux advocate.

And by extension you would/will not help a windows user? Perhaps you are confusing Micrsoft and your negative feeling about them with folks who use their OS and/or applications?

Bruce B wrote:

If there are valid reasons for people using Windows as you say and I'm sure there are, then why would someone need or want another OS?


Well, let's see:
A. Someone might realize that no OS is best for ALL tasks, and thus uses
the OS that gives them the best results,
B. Someone values their time, and may be more comfortable using an OS/application that works out of the box without having to install libraries, etc.
C. Someone who earns money in the computer field might have a need to use more than one OS.
D. There may be applications a user wants/needs that in his/her opinion that are more efficient or exisit for a different OS.
E. Someone might be forced to use an OS because of a work environment, yet want to learn about another platform.

Bruce B wrote:

On the other hand if I use my talents, (which are actually good when I can get my hands on the machine) and I make Windows work right - what incentive for looking into an alternative?


See above

Bruce B wrote:

And like I imply, let the Microsoft users which are Microsoft's supports work through their frustrations as they decide if it is really worth it.


Your bias and anti-Microsoft attitude is quite clear. It does nothing to help anyone, Microsoft nor Linux users alike.

In someways it reminds me of someone is shop class who has become an expert with a ball peen hammer...and who insists that there is no place for a claw hammer, or a box hammer.....it's a valid attitude, but folks who have other tasks than those of peening might find it a bit tiresome.
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 6 [79 Posts]   Goto page: 1, 2, 3, 4, 5, 6 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Misc
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0864s ][ Queries: 12 (0.0042s) ][ GZIP on ]