hoster blocked site because of spam

hi people,

 

I had some problems with my Dolphin community today. My hoster suspended my site from one moment to another because of spamming which came from my account (what they told me). They told me that the problem is in the domain.com/groups/gallery/info.php and they had to remove that script. Now I have the question, what is this script doing? Do I need it? If yes, how do I solve this problem...

Please anybody help me!!!

Quote · 29 May 2008

Original Dolphin package doesn't contain such groups/gallery/info.php file... but just some pictures.

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 29 May 2008

I would have to say someone has hacked into your account, ask your host when that file was uploaded and if it was done through ftp. If they are logging then they should be able to find out pretty quickly.

Quote · 29 May 2008

As a security precaution you should change all your site and ftp passwords too. Definitely inform your hosts that you believe your site was hacked and ask them to look into it. Try and make it their problem rather than yours.

You may also want to look into a fresh installation or at least checking your installation for any more rogue files.

Quote · 29 May 2008

Let me guess.. you're using Hostforweb?  This happened to me (and 1000s of other Hostforweb users) two months ago. I have bad news, those evil files could be in EVERY directory on your server that is set to "777". "777" directory permissions are VERY insecure and Dolphin is FULL of them so you will have a lot to check. The hacker/spammer used a bad spider to crawl your site and look for those directories.

 

Ask tech support if they can give you the file date of the file they removed, that will make your search easier because all the rogue files will be that same date.

 

Oh, and you should have an htaccess file in EVERY 777 directory that prevents scripts from running.. so even if they get their file there they can't use it.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 29 May 2008

Mike -- sounds like great advice.  Can you give us an example of what that .htaccess file should look like?  Thanks!

Quote · 30 May 2008

paste this into your images htaccess

<FilesMatch "\.php$">
Order allow,deny
</FilesMatch>

I have video tutorials to help you mrpowless.com
Quote · 30 May 2008

Ok people,

 

Many thx for all the replies. I will have to check all the directories now as mscott says. And right, it's Hostforweb...

 

I will try this with the htaccess and will see how it works...

 

Thx for now

Quote · 30 May 2008

I KNEW it was Hostforweb! They really don't know what they are doing so I got the heck out of there.

 

 

About the htaccess, I go that extra mile... here is what I use:

 

<LimitExcept GET>
order deny,allow
deny from all
</LimitExcept>

<FilesMatch "\.(cgi|pl|py|bak|txt|htaccess|htpasswd|log|zip|asp|sh|shtml|js.*|gz|tgz|tar|php.*|htm.*)$">
Deny from all
</FilesMatch>

 

Mike

http://www.makeasocialnetwork.com

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 30 May 2008

I was just about to upgrade to their top dedicated server, from VPS, now time to search, the amount of bad posts I have read about HostForWeb, has made me hold back, this one just nailed it.

 

Thanks for the final heads up.

From the land DownUnder
Quote · 30 May 2008

Well I don't care what anyone says. Anytime there is a folder that a script says to set to 777 during installation, you are on the borderline of asking for trouble. Unless you are tuned into security like mscott and are familiar with what to do with .htaccess. Most users of this script aren't so tuned in. I still say hosting companies that run their server as cgi are much more secure. Nothing is 100% guaranteed or safe, but I honestly think companies that go this route are actually tuned into security more than others. There are some Linux kernels that are a little more secure for apache, but if I had a choice of a host that can run dolphin I'd take the cgi route over apache for security alone. It also seems like hostforweb is kind of a hang out for dolphin good or bad.

Anyway, hope it works out for you AlexinSpain. If you see any files like 10455.php (or other random numbers.php), time.php, etc., or any file.php that isn't part of the script, most likely it is safe to delete. You will also most likely find the majority of the files in 777 folders and 1 or 2 files all the same size scattered about 777's.

DialMe.com - Your One and Only Source For Boonex Dolphin Tutorials and Resources
Quote · 30 May 2008
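
An added example, not part of any post in this thread: a shell audit for the checks suggested above (world-writable directories, PHP files inside them, directories with no .htaccess, and PHP files sharing one modification date). The function names and the usage path are assumptions, and it needs a find that supports -maxdepth and -newermt (GNU or BSD find).

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for the issues discussed.
# Usage: sh audit.sh /path/to/webroot [YYYY-MM-DD]
# Needs a find with -maxdepth and -newermt (GNU or BSD find).

# Directories any local user can write to (mode 777 and similar).
world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null
}

# PHP-like files sitting directly inside world-writable directories.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f -name '*.php*' 2>/dev/null
    done
}

# World-writable directories with no .htaccess at all. Presence is only a
# first check; the rules inside the file still need reading.
dirs_missing_htaccess() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        [ -f "$dir/.htaccess" ] || printf '%s\n' "$dir"
    done
}

# PHP-like files last modified on one calendar day (local time), e.g. the
# date the host reports for the file it removed.
php_modified_on() {
    find "$1" -type f -name '*.php*' \
        -newermt "$2 00:00:00" ! -newermt "$2 23:59:59" 2>/dev/null
}

# Run the report only when a web root is given on the command line.
if [ "$#" -ge 1 ]; then
    echo "== World-writable directories without .htaccess =="
    dirs_missing_htaccess "$1"
    echo "== PHP files inside world-writable directories =="
    scripts_in_writable_dirs "$1"
    if [ -n "${2:-}" ]; then
        echo "== PHP files modified on $2 =="
        php_modified_on "$1" "$2"
    fi
fi
```

Compare anything it lists against a clean copy of the Dolphin package before deleting.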

You can also add this in ".htaccess"

Deny from all

----
Quote · 30 May 2008
 
 