Dolphin Hacked Again??

Hey guys, my site got hacked again for the 3rd time this week, or whatever you can call it. My server is shut down and this is what my server provider wrote me.

Your webspace has been attacked via a security leak in the software you
installed. As a result of this attack, a phishing site has been uploaded to your
1&1 webspace
(contract: 18828871). These sites are used to steal login information for eBay,
PayPal, bank accounts etc. The site was to be found at:

ray\modules\global\inc\lloydstsb\customer.php?ibc=customer.ibc

Has anyone had this problem before or recently? Any suggestions or help so this will not happen in future?

Quote · 7 Aug 2008

What dolphin version are or were you running? There have been some hack issues with 6.1.3 and under. They claim they have fixed this or solved this in 6.1.4. Although I don't believe any site to be hacker proof it's all about keeping an eye on things. Reading up on security and trying new methods of security. And no I don't believe you need a dedicated server or vps. I have had no hacks on a shared server. I do some security enhancements to .htaccess in assorted folders. I watch my files and folders, I do take many hits from sites or ip's up to no good and trying to hack my site, but so far I haven't had a single issue. Again I do follow security issues more than most. I backup more than most, and I talk nicely to my site. I don't think the talking nicely helps too much, but it makes me feel better.

gameutopia

DialMe.com - Your One and Only Source For Boonex Dolphin Tutorials and Resources
Quote · 7 Aug 2008
I have been using two sites with version 6.1.2 and a dedicated server for some time now. I have had no attacks up to now. Also, I use the .htaccess system on all my dirs...
Kids first
Quote · 7 Aug 2008

I had the same problem. Someone hacked my site a month ago and installed folders/files for the purpose of stealing information pertaining to eBay/PayPal.

I still have the zip file they uploaded. lol

After that one-day hack I received an email the next day from either eBay or PayPal (I think eBay owns PayPal) asking me to send them any available log files to investigate. The whole thing was untrusted, so I never did send anyone any log files.

This all happened when I was running Dolphin 6.1.3.

Quote · 7 Aug 2008

I have 6.1.4 version.

These files were used to upload the malicious content or send spam:


./-biblive-/plugins/safehtml/safehtml.php
./-biblive-/ray/modules/global/inc/lloydstsb/customer.php
./-biblive-/ray/modules/global/inc/blog.php
./-biblive-/ray/modules/global/inc/_db.inc.php.php
./-biblive-/ray/modules/global/inc/ru.php
./-biblive-/ray/modules/global/inc/r57.php
./-biblive-/images/system.php
./-biblive-/images/blogs.php
./social_exec/images/feedhell.php
Quote · 7 Aug 2008

Can you detail or link us to the security measures?

What dolphin version are or were you running? There have been some hack issues with 6.1.3 and under. They claim they have fixed this or solved this in 6.1.4. Although I don't believe any site to be hacker proof it's all about keeping an eye on things. Reading up on security and trying new methods of security. And no I don't believe you need a dedicated server or vps. I have had no hacks on a shared server. I do some security enhancements to .htaccess in assorted folders. I watch my files and folders, I do take many hits from sites or ip's up to no good and trying to hack my site, but so far I haven't had a single issue. Again I do follow security issues more than most. I backup more than most, and I talk nicely to my site. I don't think the talking nicely helps too much, but it makes me feel better.

gameutopia

Quote · 7 Aug 2008

sammie can pipe in as she gets around to it. gameutopia, you are correct, the script does not have to be hosted on a dedicated server or vps, that is recommended for performance, not security. now where this gets into a security problem is when you are on a shared host who has register_globals turned on. since php says they are a security risk, to have them on, all hosts know they should be turned off, or the server is at risk for a remote file attack. dolphin stipulates that the script should be run on a server with register globals off, if you choose to run the script with register globals on, then you put yourself at risk. if you didn't know your server had register globals on, you put yourself at risk. the problem is not with the script, but with where you host the script. leave the $1.99 hosting environment, and get a real account to host your dolphin site. no it doesn't have to be dedicated or vps, it can in fact be shared, if the server is set up to run a dolphin script.

look folks, this is the last time i am going to comment on any dolphin site being hacked, let's put this in perspective, if you buy a car, and the manufacturer tells you the car best performs with 50w motor oil and premium unleaded gas, and you see that 20w oil is cheaper and you can better afford 85% ethanol, the car may very well crank and run, but when it blows up, is this the auto manufacturer's problem? NO, so get a f---ing clue, if boonex has recommendations, excluding their HFW adverts, then you should at least understand that when it blows up in your face, it was not the script. it was your choice, and your choice is what got the site hacked.

later,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 8 Aug 2008

Thanks Sammie, by the way I never mentioned anything about being in a $1.99 hosting environment ;) Where you got that from I don't know, DosDawg, but thanks for the tips and useful info!

Quote · 8 Aug 2008

I feel the need to point out the glaring inaccuracies in numerous comments about the server environment being constantly to blame, rather than the code. (I won't name the posters, but it's easy to figure out who with a simple wander through the forums.)

Whilst it's often true that there are a number of ways that hackers and script kiddies can gain access to insecure servers, however, more often than not, the code is to blame.  Having looked through the code inside dolphin, I'm shocked by the vast number of security holes it has "baked in" - if users are constantly confounded by problems with register_globals, why don't boonex tighten up the code to ensure that variables are initialised cleanly, rather than assuming that register_globals will be turned off?  Better still, why not start by unsetting any variables registered by register_globals at the start of the script - many examples can be found at http://uk.php.net/register_globals - just 5 lines of code would stop this problem dead.

Dolphin suffers in a number of other areas too - user inputs are frequently not cleaned, leaving the site open for CSRF, SQL injection and a whole number of other exploits.  It doesn't help that it's written in PHP4 - which as you should know by now has been declared end-of-life by the PHP group.

All sites have potential security holes, but the majority of "good" developers will be mindful of potential pitfalls, ensuring that all best practices are taken to minimise this risk.  I've worked for and with some of the top web design agencies in the UK, have spent hours of my life attending security seminars, PHP users groups, and even longer reading security updates (google for Chris Shiflett for a great example of security related posts).

It's all too easy to blame the hosting environment for the problems, but the truth of the matter is, burglars would much rather break into a poorly locked house than a secure fortress.  In this case, dolphin seems to have forgotten the lock entirely.  I await the inevitable flamewar that'll follow from this - but I hope the developers will take something away from this post when they read it (even if it's just how to lock down the pesky register_globals problem).

Quote · 8 Sep 2008
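The "unset anything register_globals registered" idea suggested in the post above, as an added example (not Dolphin's code and not copied from the php.net page). The function names and the `cfg_dir` parameter are hypothetical, and the call has to run before the application sets any variable of its own, otherwise legitimate globals that share a name with a request parameter are removed too.

```php
<?php
// Added example, not Dolphin code. Function names and the 'cfg_dir'
// parameter are hypothetical.

// Return the names in $globals that also arrive as keys in request data,
// i.e. the variables register_globals would have created from user input.
function injected_globals(array $globals, array $sources)
{
    // The superglobal arrays themselves must survive.
    $keep = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION');
    $found = array();
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (!in_array($name, $keep, true)
                && array_key_exists($name, $globals)) {
                $found[$name] = true;
            }
        }
    }
    return array_keys($found);
}

// Call first thing in every entry script, before any include.
function unregister_globals()
{
    if (!ini_get('register_globals')) {
        return array();                 // setting is off: nothing to undo
    }
    // A request parameter literally named GLOBALS targets the symbol table.
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
    $sources = array($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
    $removed = injected_globals($GLOBALS, $sources);
    foreach ($removed as $name) {
        unset($GLOBALS[$name]);         // drop the request-supplied copy
    }
    return $removed;
}

// Constructed demonstration data (register_globals was removed in PHP 5.4,
// so the detection step is shown on hand-built arrays).
$globals_seen = array('cfg_dir' => '/tmp/x', 'site_name' => 'demo', '_GET' => array());
$request_get  = array('cfg_dir' => '/tmp/x', 'page' => '1');
print_r(injected_globals($globals_seen, array($request_get)));
unregister_globals();
```

This only removes request-supplied globals; each script still needs to initialise its own variables explicitly before using them.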

I use 1&1 ... for the most part, like any other shared host, it has its limitations ... your problem, as mine was also, is that you need to add this line to your php.ini file.

AddType x-mapp-php5 .php

my understanding is that if this is not in your script somewhere then you are really using php4, since 1&1 uses both.  This will force you to use php5...

the tech at 1&1 explained that dolphin has scripts that can be compromised if this line has not been added... so I added it, then I installed the updates to dolphin, and I've been good so far... been up and running fine for months now ...

I wish to note that Sammie again is correct ... scripts not set up correctly on dnunion's part; 1&1 servers are working just as they want them to.  This should not have been posted here but addressed with 1&1's tech support... it was an easy fix.

Quote · 8 Sep 2008
 
 