illegal upload

wfcmod · September 14th, 2007, 12:13 PM

Today I got the message from my host that some illegal content was being uploaded to my server in the data directory. It was placed in a folder called active-paypal. There were scripts uploaded to the account by user "nobody".

I'm running pp5.5. I didn't understood that the upgrades so far include major security issues. What would be your suggestion to prevent this? I customized the templates pretty much so I upgrading is a pretty big task. I am running the latest vbulletin version. Not many additional plugins are installed.

Chuck S · September 14th, 2007, 12:58 PM

well 5.5 should be fine however your data directory is 777 and must be for uploads to work so are you integrating with vb? Some more info would help because there are no known holes in our software holes in other programs can be used and users can upload to any directory on your server that is 777 and those are the types of issues we have seen. Example being Michael on of our developers runs a vb integrated photopost and sound much the same thing going on and tracked it back to a big in FLASHCHAT which is a hack for vbulletin.

wfcmod · September 15th, 2007, 02:19 AM

Thanks a lot Chuck! Good to hear that there are no known holes in PP5.5! I will continue to search in the vbulletin forums what my options are to prevent this from happening again. I just updated the vbuletin to 3.6.8 but maybe I have to revert some templates and update some plugins. I'll continue my search

Chuck S · September 15th, 2007, 10:13 AM

ah yes good old vb hacks. I bet if you disabled your plugins and removed any bacl software you found off the server this would not happen again.