XLWEBLIST if anyone wants to take a look. Definite security hole somewhere. This is bad!!
Chris M Valk
www.xlweblist.com
Ahh, I see. They added a weblink with a huge image. Creative!
Chris M Valk
www.xlweblist.com
OK, anyone else had this issue before? EDITED FOR SECURITY of their choice. This wreaks havoc with the website, but it is not a security issue, just an issue with the makeup of the script. I could do this right now to anyone's INDEXU script that I can tell. Has this been discussed before?
Ohh, this is the hacker's site: http://www.radziowiel.republika.pl/
Last edited by valkster; 06-07-2004 at 06:41 PM.
Chris M Valk
www.xlweblist.com
Originally posted by valkster
Definite security hole somewhere. This is bad!!

make sure you have deleted the create_admin_user.php file from the tools folder on your server
delete any unknown admin users from the idx_users
delete the install.php from the main folder ( where browse.php is located )
esm
"The older I get, the more I admire competence, just simple competence, in any field from adultery to zoology."
Tools was never uploaded, install.php was gone the second after its use. Admin folder is password protected.
Anyways here it is. The site was not hacked. A user is not required to validate themselves via email to post a link. Soooo ......EDITED FOR SECURITY....... I found the bogus user in the admin section and deleted them easily. Checked the MySQL table to make sure.
This is not a security flaw but an easy annoyance for people that do not have every link verified by an editor. I do not wish to have to do this, but I just may have to. I am sure this flaw will be exploited in the next day or so if not in the next 10 minutes on my site.
How many people let links go through without ANY verification? I am curious.
Last edited by valkster; 06-07-2004 at 06:40 PM.
Chris M Valk
www.xlweblist.com
Originally posted by valkster
How many people let links go through without ANY verification? I am curious.

I would not allow any submission without verification. But if you were in a sort of controlled environment, then it might be OK
esm
Should I contact you via PM on this exploit? I do not want to discuss it on the open forum. It is an easy exploit and I do not know how it has slipped by over the years, perhaps it hasn't.
Chris M Valk
www.xlweblist.com
I would certainly be interested in what you have found...send me a PM
esm
PM away . . .
Let me know what you think via this topic.
Chris M Valk
www.xlweblist.com
esm, did you want to code this fix or should I contact the author?
Chris M Valk
www.xlweblist.com
if you want to test it, I will send you the code.
esm
Absolutely. I feel this is a major issue for many and whatever you came up with should be distributed in a patch ASAP.
Anyways, support@xlweblist.com is an email for me.
Chris M Valk
www.xlweblist.com
That fix works well. I have changed to editor approval also. I was getting some pretty bad links on there automatically.
Chris M Valk
www.xlweblist.com
yep, unless I was sure of who will be submitting links, I recommend approval first.
esm
Please PM me, I'd like to know how it's hacked. Thanks.
Anyways here it is. The site was not hacked. A user is not required to validate themselves via email to post a link. Soooo ......EDITED FOR SECURITY....... I found the bogus user in the admin section and deleted them easily. Checked the MySQL table to make sure.