View Full Version : Photopost files vulnerable?


CNibbana
March 1st, 2005, 09:05 AM
I am already a Photopost owner, but needed to post a thread here in a visible area I can show my web host.

Last week the server my site resides on was hacked. It was determined that sites running PHP Nuke exposed vulnerabilities that allowed the hackers in. My site does not run PHP Nuke.

My host decided to remove any sites running PHP Nuke. They found the word "Nuke" within my Photopost directory and deleted my Photopost directory entirely. I tried to explain that these are just plugin files that are not vulnerable because I am not running PHP Nuke. They made me sign and fax a waiver but my Photopost files are still gone.

Shouldn't the host be able to delete the files "\forums\nuke", "forums\postnuke", and "usergroups-nuke.sql" without disturbing my Photopost? I am running the vb3 plugin, but that shouldn't have any effect.

Can someone from staff please confirm or reiterate what I am saying so my host will restore my Photopost application?

Thank you!

Chuck S
March 1st, 2005, 09:31 AM
Hello

nuke.php and postnuke.php files are just authentication modules we use to authenticate a user if they are running postnuke or nuke and have selected that forum as the integration. They are our files and coding and not that of the affected program.

Your host can read this response if he chooses.

mlucek
March 2nd, 2005, 01:40 PM
The simple thing to do is just remove those files:

/forums/nuke.php
/forums/postnuke.php

since they are not used if you're using the vb3 integration. In fact it's probably a good practice to remove any unused files from your webserver.

jstarkweather
March 3rd, 2005, 04:20 PM
Kind of sounds like you need a new host. :(

That was really lame of them.

Jim

Chuck S
March 3rd, 2005, 05:55 PM
I would have charged them for damages deleting files that they don't have a right to.

HobbyTalk
March 3rd, 2005, 10:31 PM
If you read any host's TOS they pretty much have the right to do anything to your files/web site and you agree when you sign up to indemnify them from any and all liability for any reason.

Chuck S
March 4th, 2005, 06:54 AM
Well yes, you are right, but there is a catch-22 here.

They need to back up everything they delete, usually, in case they are wrong. They deleted a totally separate application which is not the application they were after, just because there was a filename with nuke in it in that directory. The proper course would have been to investigate the issue, I would think. But hey, they can do whatever they want, and most likely if a host ever did that to me I would be somewhere else fast.

They obviously did not investigate and just arbitrarily started deleting.

HobbyTalk
March 4th, 2005, 01:17 PM
Yep, I agree that maybe what they did was not correct, but they can't have a lawsuit filed against them because of it. People and companies make mistakes all the time. Some would rather err on the safe side than put 1000s of customers at risk - "the good of the many outweighs the good of the few, or the one"

Chuck S
March 4th, 2005, 02:45 PM
Isn't that from a Star Trek movie LOL

Star Trek II I believe

b6gm6n
March 4th, 2005, 06:01 PM
Why are all odd-numbered Star Trek movies crap? - anyways... sorry for butting in :)

-T