1417 days ago in 
 

Security Problem at Dolphin 6.1.2 ?!

hello from germany.

we think that dolphin 6.1.2 has a security problem!
some german webmasters' dolphin websites are hacked.

we have found this information:
http://www.astalavista.com/index.php?section=exploits&cmd=details&id=6128

antivirus software has found a trojan in
\plugins\safehtml\templates.php

here the code from this file:
http://test.tunelife.de/template.txt

all access and some other things go to this e-mail address:
r57ssh@gmail.com

we hope that somebody can find a solution.

greetz
http://dolphin-forum.eu

Comments

jerry79
Hi,
well, i don't got template.php in this directory.... So i can find it.
And yes, the link which you post to open the file, results in a warning from AV...

Greets
Jerry
jerry79
LOL funny a "Thumbs down" for replying and saying what i see n got...
Do you know how many sites have been hacked?
Pls let us know or give us some examples.
Maybe there is a corrupted installer file anywhere on the net and these guys downloaded it.
Cause the user with the mail above is doing that shit on other platforms also. Check google for this.
For me, i don't find anything about it, also not such a file... But tonight i'll download my whole dir and scan it.
So from my side: No, risk from original package.
realmasterd
hello,

we connected the webmaster to know about 3rd mods/plugins.
for example, html in comments or something else..

if i have more i write this ;)
realmasterd
feedback:
first webmaster has these mods/plugins:
calendar, safehtml, tiny_mce

second webmaster has original dolphin version without any mods/plugins!

both were hacked.
realmasterd
here a screenshot after hack:
http://www.pictureupload.de/originals/pictures/090708153724_Unbenannt.jpg
IceHoff
Yep!! Have seen that too...
I've just put a "Deny from all" in the directories concerned by the security hole.
jerry79
Ok, i scanned the original dolphin package for gmail... Only results from authors.
Also i didn't find any templates.php inside there.
The plugins which you listed are original ones which you got from the package.
So, maybe the hacker came through another hole on the server to it. As i remember, Dolphin was checked and branded as hack safe....
I think, that he maybe used a wrong mod or something else. Do you know which kind of mods he installed on the server?
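The check described in the comment above (compare the installed files against the original package and search for a marker string), as an added example that is not part of the thread or of Dolphin's own code. The directory layout, helper names and sample file contents are constructed for illustration; only the path `plugins/safehtml/templates.php` comes from the thread.

```python
import hashlib
import os
import tempfile

PHP_SUFFIXES = (".php", ".phtml", ".inc")

def walk_files(root):
    """Yield (relative path, bytes) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                yield os.path.relpath(full, root).replace(os.sep, "/"), fh.read()

def compare_to_package(package_root, site_root):
    """Return (added, modified): PHP files on the site that the clean package
    lacks, and PHP files whose SHA-256 differs from the packaged copy."""
    clean = {rel: hashlib.sha256(data).hexdigest() for rel, data in walk_files(package_root)}
    added, modified = [], []
    for rel, data in walk_files(site_root):
        if not rel.lower().endswith(PHP_SUFFIXES):
            continue
        if rel not in clean:
            added.append(rel)
        elif clean[rel] != hashlib.sha256(data).hexdigest():
            modified.append(rel)
    return sorted(added), sorted(modified)

def files_containing(root, needle):
    """List files whose bytes contain needle (for example a collector address)."""
    return sorted(rel for rel, data in walk_files(root) if needle in data)

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees; file names other than templates.php are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg, site = os.path.join(tmp, "package"), os.path.join(tmp, "site")
        for root in (pkg, site):
            _write(root, "index.php", "<?php echo 'home';")
            _write(root, "plugins/safehtml/lib.php", "<?php // library")
        _write(site, "plugins/safehtml/templates.php", "<?php // collector@example.invalid")
        _write(site, "index.php", "<?php echo 'home'; // altered")
        return compare_to_package(pkg, site), files_containing(site, b"collector@example.invalid")

if __name__ == "__main__":
    print(demo())
```

Files that an installer legitimately rewrites (configuration, caches) will also show up as modified and need to be reviewed by hand.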
crswsystem
But it can not, we have no mods installed and our firewall shows no attacks from the outside, so it can only be from the original file pack.
shaneed
I also wonder how is that possible. Dolphin has got Hacker Safe, that means it should be safe, right? Or who knows who are these guys from Hacker Safe; maybe they just take money from people and don't do nothing. I was called by them so many times if i want their service. They sounded so insisting...
jerry79
Well, maybe then you got the package from another side.
Yet, now, i don't know which exploit they can use to put the file through dolphin to your server...
Also i think, that then there must be a lot more guys who got hacked. Cause when you are able to get in a system, then you are looking for another one, and it's easy to search google for peeps who are running dolphin...
It's just my mind...
But we will see what an official from boonex will say..
shaneed
If not a Dolphin security hole that Boonex omitted then must be a mod you installed that made Dolphin unsecure. Can be also from your hosting. There are some phantom hosting that are dealing with unimaginable things. I also experienced it on my own. Or just maybe because your hosting is on a Windows platform but not Linux? Because on Windows servers you cannot setup file permissions.
mikesta
I just know about three sites having problem since today, so there are mods installed, but as described on www.astalavista.com, there are some security holes.

And using them is not the hardest way. Just go to youtube and search for RFI hack and you will find a huge amount of detailed descriptions to hack sites like dolphin within a few minutes.

I think there should be some coder work done to make it safer.
DosDawg
this is my opinion, and i could be wrong. but i have seen this script before. the c99 used to have a blackwidow as a logo image.

what i believe, is that this person who had their site hacked is on a shared and in being a shared server, and this would be injected with no trace of it being used. since it would be loaded on an account that is on the server, you can then browse certain files that would give up parameters that would allow injection via of remote shell but it's not remote it's a php shell, and be able to cause these problems.

if any of you have ever been involved in wordpress, phpnuke, post nuke, e107, joomla, drupal, b2Evo or any other open source script, you have seen this same attack, and from what i know about this c99 remote shell attack its mostly on shared servers, or where you downloaded something from somebody, or allowed uploads on your site, and this was placed on your server.

specifically is dolphin vulnerable, i suppose all scripts are, and the time spent trying to secure them is astronomical. i just googled c99 shell script, and there are 190k returns, so this is not new to dolphin, i didn't read anything that would determine what makes one site or one server more vulnerable than the next, but my point in hand is this remote shell is a well known hack amongst kids.

well i hope this sheds some light on the situation.

later,
DosDawg
Technoman
well from what i was told by someone today who knows a lot more than myself about security

as i have 2 VPS servers myself ( running LINUX )

the provider who runs these servers

"he says that any VPS server you're running on can be hacked from inside from another user since most VPS servers are shared with a lot of users" ...

=====

this is my thought on VPS

VPS servers are shared by a lot of different users and if you plan on hosting a big site
( i would not recommend using VPS as everyone is hogging the memory on that server)
with example 10 people on 1 VPS just imagine how much RAM is being chewed up at 1 time because its being shared

====

( the best thing is to have a dedicated server )
+
no one shares or hogs the memory as this machine is strictly yours like a home computer * everything is dedicated to you* )

i'm just telling you what i've been told about security with VPS
and hopefully this will help realize don't always think cause you're hosting on a shared server that you're safe cause you're more at risk depending on all sorts of situations and just because the price is cheaper for VPS servers means that there's pros and cons about the whole thing ....

go with a Dedicated Server ( pay 10$ more but everything is dedicated to you )

example
29.99$ VPS Server
39.99$ dedicated Server <--- ( this is what i would choose )
DosDawg
just asking a question because this only happens every time you come around. are you tagging every post i have on here with a negative vote? you can be honest, i won't eat ya or nothing. if it is you, please refrain, if not, then carry on. but i know without a doubt that before you came in here and posted, i had one thumbs up on that post.

holla,
DosDawg
DosDawg
techno where you finding dedicated boxes for 40 bux a month? lol, i spend 225 a month for a dedicated box, maybe the managed has a little to do with that price, but a good server and good support staff are hard to come by. i found one and it costs money for good skills and good equipment.

later,
DosDawg
Technoman
There are dedicated servers out there for the same price as a VPS these days - some start as low as $29 a month!!!

Generally, a dedicated server is better than a VPS - they are the same amount of work to maintain - and at least with a dedicated one, you have 100% of the system resources 100% of the time.

Don't forget when paying 29$ a month for a Dedicated Server you're not going to receive unlimited BANDWIDTH
( thats for sure ) ...
Technoman
as low as

19.99$ a month for a DEDICATED SERVER

http://www.millenniumdata.com/BUSINESS/Business-Default.asp?include=Business-Dedicated-Servers.asp

i've used them before with
Windows Server 2003

29.99$ ( dedicated server ) i used this 1 before and it worked great i was able to hold 1000 users ( video chat ) another chat program
with no problems at all

i received 1000gb of bandwidth a month
( very good for that price )

go take a look at that site ....

a lot of my friends use it cause i told them about it
Technoman
http://www.millenniumdata.com/BUSINESS/Business-Default.asp?include=L1GAMER.asp

instead of windows server 2003 they have been replaced with windows xp for the same price

i used their 59.99$ also which is a lot more BANDWIDTH
Technoman
their 29.99$ a month for xp pro ( dedicated Server )
is a good machine
in my opinion windows xp pro is much faster than windows 2003
sammie
i also pay $230 a month for a dedicated server, i have never looked back, as with VPS and any shared hosting. a hacker can just get an account and he has access to every site that's on the shared host or VPS. none are secure.

you get what you pay for. and that is what people don't understand, a dedicated server for $50 is an old slow server but ideal for running a few dolphin sites from it.
it would give you the skills to move up as your sites become popular. so for once i agree with technoman. and he gets a thumbs up for once
Splinter
friends, could someone reproduce the hack? I am a little bit scared to try the POC links from Altavista in my own installation in order not to infect my server by myself ... ;-)
 
 
 