Hacked Again!

LightWolf posted 25th of August 2009 in Community Voice. 14 comments.

Okay a warning to all, my Dolphin 6.1.5 has been hacked again. This time I have found php files in all folders even if they are NOT 777. I have my host helping me out with this. Try looking into all folders and your cache folder. This happened after I had 2 new members join my test site last couple of days.

Some of the files are like 26548.php named files,different numbers though. And I think this is also there's as it was found in my admin folder. core.25838 there seems to be a few of those there.

Dang my site has fleas!!! Nasty fleas!!!  This really bites!!!

 
Comments
·Oldest
·Top
Please login to post a comment.
AlexT
AlexT25th of August 2009
 
Dolphin 6.1.5 was not so long exist and had some problems, this is the reason updated version was released quickly after 6.1.5. You can check trac for all known 6.1.5 problems.

It is better to be updated to the latest Dolphin 6.1.6
PermalinkReplyPlus0 pluses
LightWolf
LightWolf25th of August 2009
 
Yes I was in the process of upgrading. I really didn't want to do much with this site tell D7 but alas someone has other ideas so upgrade and extra security it is. Man I have files in ALL folders and errors in all .htaccess files as well.
PermalinkReplyPlus0 pluses
xxprincexx
xxprincexx7th of September 2009to LightWolf
 
yes i think so too my site is being hacked and now new users cant login to chat.. they can see chat but cant type nor use video i did a fresh install worked for 2 days then went back to same thing
new people chat box opened to a whole new chat with no one there
PermalinkReplyPlus0 pluses
houstonlively
houstonlively26th of August 2009
 
Can you check your server logs and lets us know the IP address that uploaded the files? I'd bet anything it's from asia/pacific rim or northern Europe.
PermalinkReplyPlus0 pluses
LightWolf
LightWolf26th of August 2009to houstonlively
 
I have Sammie looking into this to see if she can help find out some more info. I can not believe someone would give this blog a negative vote..gees some people on here really need to grow up. We started going through my account and deleting the files but there seems to be a whole lot of them so the company that runs the server will help. I just want all people to know that even if the script asks for folders to be 777 DO NOT do that!
PermalinkReplyPlus0 pluses
LightWolf
LightWolf26th of August 2009to houstonlively
 
I Found what i was looking for, seems this hacker came from china and tacked all my css files.
PermalinkReplyPlus0 pluses
CodeSatori
CodeSatori26th of August 2009
 
You must mean eastern Europe and Russia... NE hackers aren't particularly big or famous on script kid stuff.

Of course it's critical that software with security holes be upgraded --- these days it's so easy to find and exploit vulnerable scripts, and if it's online, someone will find it.
PermalinkReplyPlus0 pluses
houstonlively
houstonlively26th of August 2009
 
CS.... I definitely meant to include .ru, but a vBulletin site of mine gets a lot of hacking attempts from .de. .cn & .tw probably top the list. Those are probably the top 4 sources of scumbag hackers and spammers.

When I put my site on a dedicated server, I'm going to use GeoIP to block about 90% of the planet. For D7, I'm more concerned with spammers than hackers. Spammers will definitely love D7's 'Sites' module.
PermalinkReplyPlus0 pluses
Technoman
Technoman26th of August 2009
 
like you said "Shared Hosting" HACKED !

I wrote a blog about this issue

( this was written at the last part of my blog )

Security is a prime factor on shared hositng.

If your on a shared hosting server, well guess what?

The bad news is, your 1000 neighbor's with just ssh access can add stuff right into all your directories if permission's allows him/her!
PermalinkReplyPlus0 pluses
LightWolf
LightWolf27th of August 2009
 
Well I am not on what you would call shared hosting, but it is private hosting. And yes I should have upgraded it since dolphin did have a folder that needed to be 777. Oh well let the fleas go ride someone else's back now, i removed all they added, so soon all will be back to normal. I always keep back ups.
PermalinkReplyPlus0 pluses
CodeSatori
CodeSatori27th of August 2009
 
Really, most shared hosting environments have glaring security problems. Apparently it's been incredibly hard for Linux developers to create for an environment where shared hosting users can be definitively jailed into their own environments without breaking anything crucial.

I've almost been booted away from two separate hosting companies with charges on trying to compromise their system when I've demonstrated (to their staff only) how I could do cross-account file writing on any 0777 CHMOD file see more in the system with a simple PHP file.
PermalinkReplyPlus0 pluses
buckmcgoo
buckmcgoo28th of August 2009to CodeSatori
 
Aha! LightWolf it was CodeSatori who hacked your site!
PermalinkReplyPlus0 pluses
CodeSatori
CodeSatori29th of August 2009to CodeSatori
 
W077 (_) |<~0w 4B0u7 oo|´ h4x0r5!Zm ? ?
PermalinkReplyPlus0 pluses
meinecommunity
meinecommunity1st of September 2009
 
We're running a root server here in Germany and our site (of which dolphin is just one more free feature) with traffic in excess of 130.000 page views per month (all word of mouth). Our server experiences severe hacking attempts 24 x 7 but we've never had any problems, not even with Dolphin 6.1.4

You can write (or have someone do it for you at relatively low cost) a cron job to prevent unauthorized IP access. You can include "fail to ban" on your server (root domain) where after two see more incorrect logins that IP is completely out of the system for whatever duration you see fit. There are also free firewall options online (check sourceforge) for servers. Last but not least, you can create redirect pages for each and every folder that someone shouldn't have access to, with a redirect that dumps people wherever you see fit in as little as 1 second. Often people forget to include image archives ... big mistake! More radical, is the approach to ban entire countries from your server ... no kidding, this can be done. There's all sorts of stuff that you can do to protect your TLD and/or your server. It's not even expensive, just a matter of shopping around in some reputable server forums and finding someone with decent references. Heck, you might even be able to find someone right here at Boonex.

Security doesn't start with Dolphin, regardless which version. It begins with your server and if you're paying good money for hosting or a server, then by golly gosh that shouldn't even be an issue. Your hosting provider/server admin should be able to make things more secure for you. It should be part of the included service as that's not just of concern to you, but to anyone (or company) with root servers, to include the company that you're paying good money to.

Greetings from Germany
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.067161798477173