Andrey n Victor HELP- Hacking in 777 folders

gkcgautam posted 2nd of March 2008 in Community Voice. 18 comments.
Hello Andrey and Victor
This concerns the problem of folders with 777 permissions. EVERYONE PLEASE READ!! HACKERS!!!
I was also worried that if anyone can upload files to these folders, then definitely some hackers would use it.

I don't know if we can tackle this problem through .htaccess files. So I've assumed that stop it with .htaccess.
I have an idea which I don't know would work or not, because I'm not a developer, but just a designer with some knowledge.
As we have directories like images, sound, video and others with 777 permissions, the Dolphin script knows what can be uploaded into these folders. I mean Dolphin knows which file extensions can be there in the images, video and audio folders.
What I say is that Boonex can create a script in Dolphin which will periodically check these directories, and if it finds a file with an extension which should not be there, it should report it to the site admin, or it can delete it.
I also wanted to ask you whether it is possible for a hacker to create a PHP file which can make huge changes to the database, and upload it to directories with 777 permission levels. If it's possible then Boonex should do something about it.
I've tried many networking scripts... and I should say Dolphin is definitely the best of them. Though it mostly has bugs, these are soon removed by Boonex by releasing a new version. This is what I love about Boonex. But we still need more support from Boonex in Unity, as it promised in the beginning.

Thanks.
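As an added example, not code from the post or from Boonex: a stand-alone Python check of the kind proposed above, walking the upload directories with a per-directory allow-list of extensions and comparing each file's header against its extension, so that a script dropped into a 777 folder, or renamed to look like an image, is reported to the admin. The directory names, allowed types and the sample tree are assumptions constructed for the example; a real deployment would take them from the site's own configuration.

```python
import tempfile
from pathlib import Path

# Allowed extensions per upload directory. Constructed for this example: the thread only
# says Dolphin knows which types belong in images/sound/video, not the exact lists.
ALLOWED = {"images": {".jpg", ".jpeg", ".gif", ".png"}, "sound": {".mp3"}, "video": {".flv"}}
# File-header signatures, so a script renamed to .jpg does not pass on extension alone.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"), ".flv": (b"FLV",),
}
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".cgi", ".pl", ".sh"}

def scan_upload_dirs(root, allowed=ALLOWED, magic=MAGIC):
    """Return sorted (relative path, reason) pairs for files that do not belong."""
    root = Path(root)
    findings = []
    for dirname, exts in allowed.items():
        base = root / dirname
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            if not path.is_file():
                continue
            rel = path.relative_to(root).as_posix()
            suffixes = [s.lower() for s in path.suffixes]
            ext = suffixes[-1] if suffixes else ""
            if ext not in exts:
                findings.append((rel, "unexpected extension"))
            elif any(s in SCRIPT_EXTS for s in suffixes[:-1]):
                findings.append((rel, "double extension"))  # e.g. name.php.gif
            elif ext in magic:
                with open(path, "rb") as fh:
                    head = fh.read(16)
                if not head.startswith(magic[ext]):
                    findings.append((rel, "header does not match extension"))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample tree (not a real Dolphin install) for a stand-alone run."""
    root = Path(tempfile.mkdtemp(prefix="upload_scan_"))
    for d in ALLOWED: (root / d).mkdir()
    (root / "images" / "ok.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 8)
    (root / "images" / "dropped.php").write_bytes(b"<?php /* placeholder */ ?>")
    (root / "images" / "fake.jpg").write_bytes(b"<?php /* placeholder */ ?>")
    (root / "images" / "evil.php.gif").write_bytes(b"GIF89a" + b"\0" * 8)
    (root / "sound" / "track.mp3").write_bytes(b"ID3" + b"\0" * 8)
    return root
```

Run `scan_upload_dirs("/path/to/dolphin")` from cron and mail the result to the admin; whether to delete a reported file is best left to a human, as the post itself leaves open.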
 
Comments
mscott
It happened to you too!!! I have spent the last two days deleting crap from my folders and Google has already indexed some of it :-(

Then today I got TONS of database errors because someone was trying to connect to links (foreign sites) through browsemusic.php and the photo rating system????

Is this happening to everyone?
maunishq
Have you got any solution to this? I am also getting database errors.
mscott
I figured out what they were trying to do today. This exploit is almost two years old, so hopefully it doesn't still work?!!?

http://securitytracker.com/alerts/2006/Aug/1016692.html
gkcgautam
It has not happened to me yet... but I fear it would happen... Also one person who works in site security... hacked my site and changed the admin password... Earlier he had been able to log in to some other user's account using the link list. Though I don't know much about it, he said that even Orkut earlier had the link list problem, and according to him... even Dolphin has...
Only Boonex can answer this question...
VictorT
Well, we have looked over and over and can state that the hacks of your site do not come from the Dolphin side.

Dolphin was checked by "ScanAlert" and has the HACKER SAFE® trust mark on one of our customers' sites. I have mentioned this in the comments before, but did not announce anything about it officially, since we are arranging some issues with "ScanAlert" about this.

The exploit you have mentioned above was fixed long ago. So you don't have to worry about it. Also, we have not received any security exploit reports for Dolphin for more than half a year.

The first things you should look at are the 3rd party scripts you have integrated with Dolphin.
We do not know how the integration is performed, and we are not responsible for their stability in regards to security.
sammie
"The first things you should look at are the 3rd party scripts you have integrated with Dolphin.
We do not know how the integration is performed, and we are not responsible for their stability in regards to security."

This is why I am against mod sellers selling encrypted mods.
gkcgautam
Thanks VictorT for your reply.
I've been experimenting with Dolphin for many months...
So I understand that 3rd party scripts can also lead to such problems. So I had just created a test site without any modifications to check this.
I think Boonex should get the Hacker Safe mark as soon as possible. Anyway, thanks for your reply.
nuccca
@sammie if you don't want encrypted mods, develop them yourself, as that is not a good enough reason to stop protecting the rights of the sellers.
Trey
I fully agree with protecting the rights of the seller for what they produced... but if it is encrypted, shouldn't it also have a Hacker Safe mark?
sammie
Sorry, how about protecting the rights of the buyer to see what they are paying for and installing on their server?
$20 for a mod that can fry your dedicated servers and cost you a few thousand to replace is not a good enough reason?

Look, they have an authentication code/license number when you get the free and/or ads-free Ray and Dolphin.
Why oh why can't that be applied to mods sold here?
That's protection enough, huh?
HAHAHAHAHAAH sammie is funny.

"$20 for a mod that can fry your dedicated servers and cost got a few thousand to replace it is not a good enough reason?"

A script from some kiddie is not going to fry anything. It may delete your site/files/OS but it won't blow up the CPU or the power supply. Idiot.
mscott
I have flashchat, phpbb2 and the other scripts showing in an "iframe", which means they are completely separate from Dolphin and have nothing to do with what is happening. I guess the hackers haven't figured out this exploit was fixed, because they were at it again today... over and over...
VictorT
It's not the case if they are interfered with Dolphin via iframe.
The fact here is that these scripts are installed on your server and operate closely with Dolphin. And in case one of them has an exploit, it would easily get to the Dolphin folders with 777 permissions and upload scripts.

Perhaps the security hole is in one of these scripts. Please turn to the support team of the vendors of the scripts you are using to see if they have any information about any kind of exploits. Probably, if there are any, they can offer you fixes or updates.
maunishq
I am also getting lots of database errors for the last 3 days. Has anybody got any solutions? I don't have any 3rd party scripts on the entire website. It's all Boonex. In every 5 clicks, I get 1-2 database errors. Any solution?
VictorT
Show us the errors you are getting, please.

We can't give you any solutions since we have no idea about the errors you receive.
zorro
I agree with Sammie. What about the rights of the buyer? Part of the whole reason for using a PHP code platform is to have the ability to look at a mod and do what is needed to the code. In my opinion, if I had to deal with encryption crap I would rather continue to work with the ASP.NET platform, as it offers so many more performance advantages. But dealing with compiling code and recompiling is just a burden every time you want to make a small change, much less being trapped into not even being able to do that.
I think Sammie said this once before. The coders of a mod already have the law in their favor. Just be clever about how you catch people stealing your mods and then make these people examples of the law, but don't put that crap on us buyers.
Zorro……………………
In any case, there is no way of assurance that encrypted mods are secure. So, even if you are to try to pin-point a bug or a hack bubble in a mod, you must go through the vendor. Honestly, I can't see a vendor acknowledging an exploit in their code. Sometimes the old ways are the best: write your code if you can and use whatever security measure you think would protect you... the old tag stripping in PHP still works like magic. I'm afraid 777 in itself is the weakest link; there's no way it can be substituted, and I can tell you now, there is not one social network script that doesn't require changing permissions on files. The solution is not substituting permissions, rather, in defining and limiting interactivity between user/visitor and server. Example, a code that takes the crap out of the hackers' input and renders it useless.
mscott
Well, I had a security expert look at my whole server and it was actually several things... the hackers WERE trying to exploit that OLD weakness from Dolphin 5.2... you could tell from the logs they were trying to access /templates/tmpl_dfl ... I'm guessing that was the default template in 5.2? Someone needs to send the hackers a memo and tell them no one uses that anymore. He told me that they are using a spider to crawl all my sites and check EVERY file for a weakness :-( I think I have blocked all of the "Ripe Network", which seems to be where all the bad traffic was coming from...
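As an added example, not from mscott's post or from Boonex: detection logic over constructed Apache combined-format access-log lines that tallies, per client, requests for the old /templates/tmpl_dfl path mentioned above and the share of 404 responses, then flags clients that behave like the file-probing spider described. The sample addresses, paths and thresholds are constructed for the example; only the /templates/tmpl_dfl prefix comes from the thread.

```python
import re
from collections import defaultdict

# Apache "combined" access-log line; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The thread names /templates/tmpl_dfl as the old Dolphin 5.2 path the attackers kept requesting.
LEGACY_PREFIXES = ("/templates/tmpl_dfl",)

# Constructed sample lines (documentation IP ranges, made-up paths), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2008:10:01:02 +0000] "GET /templates/tmpl_dfl/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Mar/2008:10:01:03 +0000] "GET /templates/tmpl_dfl/config.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Mar/2008:10:01:04 +0000] "GET /old/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Mar/2008:10:01:05 +0000] "GET /test.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Mar/2008:10:01:06 +0000] "GET /backup/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Mar/2008:10:01:07 +0000] "GET /browsemusic.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
198.51.100.4 - - [02/Mar/2008:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Mar/2008:10:02:05 +0000] "GET /missing.gif HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

def tally(lines):
    """Per-client counters: total requests, 404s, and requests under the legacy template path."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "legacy_probes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than abort a scheduled run
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["not_found"] += 1
        if m["path"].startswith(LEGACY_PREFIXES):
            s["legacy_probes"] += 1
    return dict(stats)

def flag_clients(stats, min_not_found=5, min_ratio=0.5):
    """Return {ip: [reasons]} for clients whose traffic looks like automated probing."""
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["legacy_probes"]:
            reasons.append("requested legacy /templates/tmpl_dfl path")
        if s["not_found"] >= min_not_found and s["not_found"] / s["total"] >= min_ratio:
            reasons.append("high 404 volume (%d of %d)" % (s["not_found"], s["total"]))
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in flag_clients(tally(SAMPLE_LOG.splitlines())).items():
        print(ip, "; ".join(why))
```

Feed it the real access log (`tally(open(path))`) and review the flagged clients before deciding on blocks; the ratio test keeps a single broken image link from flagging an ordinary visitor.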
 
 