Andrey n Victor HELP- Hacking in 777 folders
gkcgautam
posted 2nd of March 2008
in
Community Voice.
18 comments.
Hello Andrey and VictorThis is in concern with the problem of folders with 777 permissions. EVERYONE PLEASE READ!! HACKERS!!!
I was also worried that if anyone can upload files to these folders, then definately, some hackers would use it.
I don't know if we can tackle this problem through .htaccess files. So i've assumed that stop it with .htaccess
I have an which i don't know would work or not, because i'm not a developer, but just a designer with some knowledge.
As we have directoris like images, sound, video n other with 777 permissions, Dolphin script knows what can be uploaded in these folders. I mean dolphin knows which file extensions can be there in images, video n audio folders.
What i say is that Boonex can create such a script in Dolphin which will periodically check these directories and if it finds a file with an extension which should not be there, it should report it to site admin, or can delete it.
I also wanted to ask you that is it possible for a hacker to create a php file, which can make huge changes to database, and upload it to directories with 777 permission levels. If its possible then Boonex should do something about it.
I've tried many networking scripts....and i should say, Dolphin is definately is best out of them. Though it mostly has bugs, these are soon removed by Boonex by relesing a new version. This is wat i luv about Boonex. But We still need more support from Boonex in Unity as it has promised in the beginning.
Thanks.
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.
Then today I got TONS of database errors because someone was trying to connect to links (foreign sites) through browsemusic.php and the photo rating system????
Is this happening to everyone?
http://securitytracker.com/alerts/2006/Aug/1016692.html
Only Boonex can answer this question...
Dolphin was checked by "ScanAlert" and has HACKER SAFE® trust mark on one of the sites of our customer I have mentioned about this in the comments before, but did not announce anything about this officially. Since we are arranging some issues with "ScanAlert" about this.
The exploit you have mentioned above was fixed long ago. So, you don't have to see more
We do not know how the integration is performed, we are not responsible for their stability in regards of the security."
this is why i am against mod sellers selling encrypted mods.
I'm experimenting with Dolphin for many months...
So i understand that 3rd party scripts can also lead to such problems. So, i had just created a test site without any modification to check this.
I think Boonex should get the Hacker Safe mark as soon as possible. Anywayz, thanks for your reply.
$20 for a mod that can fry your dedicated servers and cost got a few thousand to replace it is not a good enough reason?
look they have an authentication code/license number when you get free and or ads free ray and dolphin.
why oh why cant that be applied to mod sold here?
thats protection enough huh?
"$20 for a mod that can fry your dedicated servers and cost got a few thousand to replace it is not a good enough reason?"
A script from some kiddie is not going to fry anything. It may delete your site/files/OS but it wont blow up the CPU, or the Power Supply. Idiot.
The fact here is that these scripts are installed on your server and operate with Dolphin closely. And in case one of them has exlpoit and would easily get to Dolphin folders with 777 permisiions and upload scripts.
Perhaps, the security hole is in one of these scripts. Please turn to support team of vendors of the scripts you are unsing to see if they have any information about any kinds of exploits. Probably, if there are any see more
We can't give you any solutions since we have no idea about the errors you receive.