

Please help! Major security hole




Posted by EEssam, 11-19-2008, 03:30 AM
Hi guys,

Most if not all of my server's vBulletin installations were hacked a few times now. I was able to fix them all, but this is being repeated a few times per day. I know exactly how these kids are able to hack vBulletin installations. It's by uploading a CGI file and using the symlink function. I have just tested that and it worked immediately:

    symlink("/home/username/public_html/vb/includes/config.php", "/home/anotherusername/public_html/con");

So the hackers are able to copy the config.php file, then simply use the database name, username and password to alter the template table and display the hacking black screen. How can we stop this from happening? Your help on this issue is greatly appreciated, as it's truly ruining our business.

Posted by jphilipson, 11-19-2008, 04:11 AM
Well, first off, is your vBulletin installation up to date? Sounds like they are using an exploit to upload the file in the first place. And is this a dedicated machine, or are you on a shared server?
__________________
I perform System Administration

Posted by EEssam, 11-19-2008, 04:18 AM
Hello,

We are offering shared hosting services for hundreds of people and we can't really prevent these files from being uploaded; we need them not to function after being uploaded. Thanks.

Posted by Dynash, 11-19-2008, 04:27 AM
Disable CGI on the account you use?

Posted by The_Overl, 11-19-2008, 10:46 AM
Start using suphp / suexec and make sure each customer has a separate account?
__________________
We do co-location and system management in Stockholm, Sweden. Unfortunately we cannot host you, but I'm sure you'll be ok. Remember, the best backup in the world is the one you make yourself.

Posted by jphilipson, 11-19-2008, 01:48 PM
Quote: Originally Posted by The_Overl: "Start using suphp / suexec and make sure each customer has a separate account?"

suexec and suphp should stop users from linking to other users' directories.
__________________
I perform System Administration

Posted by cascoing, 11-19-2008, 02:21 PM
If you have cPanel, enable open_basedir restrictions. It will take care of your issue.

Posted by WeWatch, 11-19-2008, 02:51 PM
If you're allowing file uploads you should have the program immediately change the name of the uploaded file to something random. That way it can't be accessed from outside.
__________________
Thomas J. Raef
WeWatchYourWebsite - so you don't have to!
Report: How Cybercriminals Use Your Website to Deliver Their Malware

Posted by amalji, 11-19-2008, 03:24 PM
In addition to having the open_basedir restriction enabled, do make sure that insecure functions like symlink are disabled in the server-wide php.ini file. Also make sure that allow_url_fopen is disabled.
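
The three php.ini settings named in the replies above (open_basedir, symlink in disable_functions, allow_url_fopen) can be checked with a small audit script. This is an added example, not part of any post in the thread; the sample php.ini text is constructed, and it assumes open_basedir is set in the same server-wide file rather than per virtual host.

```python
# Added example: audit php.ini text for the three settings named in the thread.

# Constructed sample of a weak server-wide php.ini (not taken from the thread).
SAMPLE_INI = """\
; constructed example
[PHP]
allow_url_fopen = On
disable_functions = exec,passthru ; symlink missing
;open_basedir = /home/example
"""

TRUTHY = {"1", "on", "true", "yes"}  # values PHP reads as an enabled boolean


def parse_ini(text):
    """Return the last value set for each directive, skipping comments and sections."""
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip().lower()] = value.strip().strip("\"'")
    return values


def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    ini = parse_ini(text)
    findings = []
    disabled = {f.strip().lower()
                for f in ini.get("disable_functions", "").split(",") if f.strip()}
    if "symlink" not in disabled:
        findings.append("symlink is not listed in disable_functions")
    # allow_url_fopen defaults to enabled when the directive is absent.
    if ini.get("allow_url_fopen", "1").lower() in TRUTHY:
        findings.append("allow_url_fopen is enabled")
    if not ini.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("FINDING:", finding)
```

A commented-out directive (a line starting with `;`) counts as unset, which is why the sample reports open_basedir as missing.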


