View Full Version : My Classifieds have been hacked - second posting
March 1st, 2007, 10:52 AM
Ok so my first post disapeared after it was answered.
My original question is how this could happen. I did a search on google and got the following result.
Edited by REDMTNEX: I removed the body of this post.
Is this a huge security hole or what is it?
March 1st, 2007, 10:56 AM
We moved your post in the moderators lounge out of the public eye cause you asked this and we already responded twice that there is no way to uploads a PHP file to our application so it appears they broke in elsewhere on your site and where able to write their file into our data directory because it is 777 permissions which it has to be to allow file uploads. I would suggest you search and see if there are exploits in other programs you use. We have not seen any on ours and the few topics over the years we have seen on this it always comes down to an external program that has an exploit. Our senior developer Michael even had something like this happen to him where they copied a file to his data directory but his investigation led to a flashchat program he used with his vbulletin forum.
March 1st, 2007, 12:59 PM
I never got to see the second answer and I can't get access to where it was moved.
Anyhow I did have a hit counter running in the footer, here is the code below.
I just removed it and will delete out the .php files in the data directories.
So what do you think, was it the hit counter code?
<p align="center"><b><font face="Arial" size="4">Visitors </font></b>
// Hit counter code for Webstat.net
var data = '&r=' + escape(document.referrer)
+ '&n=' + escape(navigator.userAgent)
+ '&p=' + escape(navigator.userAgent)
+ '&g=' + escape(document.location.href);
data = data + '&sd=' + screen.colorDepth
+ '&sw=' + escape(screen.width+'x'+screen.height);
document.write('<img alt="Free Counter and Web Stats" width="0" height="0" border="0" hspace="0" '+'vspace="0" src="http://www.webstat.net/basic/counter.php?i=23342' + data + '">');
<a href="http://www.webstat.net/" target="_blank"><img alt="Free Counter and Web Stats" border="0" hspace="0" vspace="0" src="http://www.webstat.net/basic/track/23342.png"></a>
<noscript><br/><a href="http://www.webstat.net">Free Counter</a><br>The following text will not be seen after you upload your website, please keep it in order to retain your counter functionality <br> <a href="http://www.labairlines.com/" target="_blank">Cheap Airline Tickets</a></noscript></center></p>
March 1st, 2007, 01:36 PM
It is possible I am not familiar with that app. I am sure there are other apps on your site. Just passing along the info as I see it. The only thing our program is going to put in the data directory are image files so if something else shows up there then it seems to be coming from some external app which is merely searching for a directory it can write to
March 1st, 2007, 03:46 PM
And thanks Harry for your phone call this morning.
The other ap I have running is google adsence, can't imagine that playing games. For now I am going to point my finger at the counter code. Every folder that was set to 777 had a numbered .php file written into it. I saved some of them if you would like to check them out.
March 1st, 2007, 03:53 PM
Try deleting all of them and then remove that code and see.
March 1st, 2007, 04:00 PM
Did that. I will give it a couple of days and see if any thing returns.
March 2nd, 2007, 02:06 AM
Actually, I have the same problem that I thought was resolved. Come to find out, some how in my data directory, there are no folders there for ads that are currently up and running. So when I try to edit the ad, it tells me that the /data/#/ is not available. And it isn't when I FTP and look inside. I have another thread that I thought was resolved. I just wanted to chime in because this happen a day ago also.
March 2nd, 2007, 07:52 AM
This is not the same problem as this gentleman is reporting. Your reporting a permissions issue on your data directory and you would need to contact your webhost about this and resolve the issue.
September 24th, 2008, 10:12 AM
I am posting in this thread because of the security theme and the mention of 777 permissions for the data directories.
Is there any lower permission that will work?
What are the exact security risks that I am exposed to as a result of the data directory having 777 permissions?
September 24th, 2008, 06:29 PM
There are no security issues I am aware of having a directory set to 777 as thats needed universally for uploads to work to a server. Only way I have ever seen anyone hacked is when integrating with vbulletin and they are hacked due to a vb hack they where running.
At any rate 755 could work if your host had things worked out right but on most servers one needs 777.
September 25th, 2008, 11:12 AM
Could you please advise me of what to discuss with my host to all use of 755 for the directories?
September 25th, 2008, 11:16 AM
Can you please confirm or deny the following that I fellow programmer shared with me? If this is a valid exploit, please delete or remove this post to a non searchable area to avoid educating the wrong people.
With a photo/data directory set to 777 you are subject to being used as an illegal photo server, including having p o r n pics posted on your site at night and removed in the morning...
September 25th, 2008, 05:17 PM
You need to have the data directory set to 777 for uploads to work.
I cant tell you how to make it work as 755 as I am not a server host and do not know the specifics of what needs to be set on a server to allow that. I just know its possible. your host may know how to do it to allow file uploads etc without directories being 777 but for 99.9% of servers they need to be 777.
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.