intruder files in "data" and "upload" PP folders

adiitworks · May 2nd, 2007, 11:05 PM

I’m running vBulletin 3.6.4 with integrated PhotoPost 5.6.2.

Last night I noticed a bunch of .php files (file name was a string of randomly generated numbers) & modified .htaccess files in the root of number of directories and their subfolders.

Only the folders that had 777 CHMOD were compromised.

I guess my site has been hacked; not sure how.

The folders that were impacted were vBulletin’s Attachments folder and PhotoPost’s “data” and “uploads” folders.

vBulletin support folks have suggested that I move the “attachements” folders below the root of my web site; no problem there.

I’m not sure if I could do the same with the PhotoPost “data” and “uploads” folders?

I don’t think so.

I manually cleaned up the files that were uploaded, but I would like to put measures in place to prevent this from happening again.

It looks like I’m all set with vBulletin – any ideas for PhotoPost?

Any suggestions would be greatly appreciated.

Chuck S · May 3rd, 2007, 09:34 AM

You can not move uploads beneath the webroot and you can move large images underneath the webroot using the storage options but the medium and thumbs must be above the webroot as they are now.

adiitworks · May 3rd, 2007, 02:10 PM

Thanks for confirmation Chuck.

I saw the option to move the original pictures. Great functionality there for people who want to make sure their images are NOT being linked to from another site.

That won’t help me - the 777 directory structure still stays exposed for the bad guys.

This Internet is a crazy place ain’t it?

There’s always someone out there smarter or faster than you.

I’d love to plug this hole if there’s any way to do that.

My vBulletin or Photo Post application didn’t seem to get compromised. After a careful review of permissions and configuration options, I don’t seem to have any silly wide open holes in my own settings. At least not from what I can tell. I referenced a number of “How To Make My Forums More Secure” type of threads…I seem to be in compliance for the most part. I’m currently tightening a couple of things they suggested though – removing Impex folder... I guess I could upgrade to vBulletin to 3.6.5, but I didn’t get that sense of urgency…

Can I password protect “uploads” and “data” directories using .htaccess/.htpassword ? Would that “break” PhotoPost?

Just exploring all my options.