Hack on my Site
albanialove
Nice poster


Joined: Dec 13, 2004
Posts: 83

Post subject: Hack on my Site
Posted: Tue Jan 31, 2006 7:05 pm

It was a redirect on my site from webalbania.com to vlora.it.

The system has registered this:

On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:07:02', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=roni">alert('foo')' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'foo')' )' at line 1

In: /home/httpd/vhosts/webalbania.com/httpdocs/modules/DF_MSAnalysis/mstrack.php on line: 101

Guest information:
User id: 1
Username: Anonymous
Admin: No
IP: 80.105.110.114
Host: host114-110.pool80105.interbusiness.it


This was the first entry, and the second:
On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:18:20', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=anyone">alert('vlora.it_siti_me_i_me_mire')' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'vlora.it_siti_me_i_me_mire')' )' at line 1



On /index.php
While executing query "INSERT INTO cms_msanalysis_online ( time, uname, agent, ip_addr, host, domain, modulename, scr_res, referral, ref_query ) values ( '2006-01-31 18:20:51', 'Guest', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Sgrunt|V109|17|S191239928|dial; EnergyPlugIn; dial; XBE|29|S04037620801143; (R1 1.5); snprtz|S04045866603162)', '192.168.203.11', '192.168.203.11', '11', '', '1024x768x24', 'www.webalbania.com', 'name=Your_Account&profile=anyone">location='http://www.vlora.it/';' )"

the following error occured: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.vlora.it/';' )' at line 1


So when I try to open my web site the address changes to vlora.it.

Now it is OK, but can they do it again next time???

_________________
webalbania.com

albanialove's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Php 5.0.4 /MySQL 5.0.26/DF CMS 9.1.1.RC2
musox
Platinum Supporter


Joined: Apr 20, 2004
Posts: 325

Post subject: Re: Hack on my Site
Posted: Tue Jan 31, 2006 7:56 pm

I'm having a hard time understanding how this is a hack. I am concerned as I maintain DF MSAnalysis and if there is an exploit, I want to know and fix it ASAP.

The error is coming from the double quote after &profile=anyone. That is ending the INSERT query.

- MusOX

_________________
../musox.com
Hosted by: Site5.com

musox's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux / 1.3.39 / 4.1.22 / 4.4.7 / 9.2.1
DJ Maze
Developer


Joined: Apr 19, 2004
Posts: 5628
Location: http://tinyurl.com/5z8dmv

Post subject: Re: Hack on my Site
Posted: Tue Jan 31, 2006 8:40 pm

There are 2 exploits here:

SQL: the data inserted into the query is not escape_string()'d.

XSS: someone links to index.php?name=Your_Account&profile=roni">alert('foo') and tries whether that opens up a security exploit.

example: dragonflycms.org/index...ofile=roni">test but as you see it fails here.


DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora 12 / 2.2.15 / 5.1.47 / 5.3.3 / CVS
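The unescaped INSERT DJ Maze describes, reproduced as an added example in Python with SQLite (not DragonflyCMS or MSAnalysis code): the ref_query value from the quoted error report is spliced into the SQL text and breaks the statement, then bound as a parameter and stored intact. Parameter binding is shown here in place of the escape_string() call the post mentions; the table is a constructed subset of cms_msanalysis_online.

```python
import sqlite3

# Constructed sample: the ref_query value exactly as it appears in the
# MSAnalysis error report quoted in the first post.
REF_QUERY = """name=Your_Account&profile=roni">alert('foo')"""

# Constructed subset of the cms_msanalysis_online table from the report.
SCHEMA = """CREATE TABLE cms_msanalysis_online (
    time TEXT, uname TEXT, ip_addr TEXT, referral TEXT, ref_query TEXT)"""


def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def insert_unescaped(db, ref_query):
    """The bug: request data is spliced into the SQL text. The single
    quote inside alert('foo') closes the string literal early, so the
    rest is parsed as SQL and the statement fails, as in the log.
    Returns the database error message, or None if the insert worked."""
    sql = ("INSERT INTO cms_msanalysis_online "
           "(time, uname, ip_addr, referral, ref_query) VALUES "
           "('2006-01-31 18:07:02', 'Guest', '192.168.203.11', "
           "'www.webalbania.com', '%s')" % ref_query)
    try:
        db.execute(sql)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def insert_parameterized(db, ref_query):
    """The fix: pass the value as a bound parameter so the driver never
    lets it become SQL syntax. Returns the stored value read back."""
    db.execute("INSERT INTO cms_msanalysis_online "
               "(time, uname, ip_addr, referral, ref_query) "
               "VALUES (?, ?, ?, ?, ?)",
               ("2006-01-31 18:07:02", "Guest", "192.168.203.11",
                "www.webalbania.com", ref_query))
    return db.execute(
        "SELECT ref_query FROM cms_msanalysis_online").fetchone()[0]


if __name__ == "__main__":
    print("unescaped :", insert_unescaped(fresh_db(), REF_QUERY))
    print("bound     :", insert_parameterized(fresh_db(), REF_QUERY))
```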
musox
Post subject: Re: Hack on my Site
Posted: Tue Jan 31, 2006 8:42 pm

As long as the issue is not with DFMSA, then I'm happy that we use Dragonfly. Very Happy

- MusOX

albanialove
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 9:05 am

Today they have done the same thing....

Help me

DJ Maze
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 9:17 am

albanialove wrote:
Today they have done the same thing....

Get rid of MSA


albanialove
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 9:44 am

I have got rid of MSA but it is the same...
DJ Maze
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 12:13 pm

1. I'm a visitor and don't see your XSS vulnerable block
2. server specs ?
3. browser ?
4. which non-certified add-ons are installed ?


albanialove
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 11:07 pm

I'm on a Linux server.
Database: MySQL
Browser: for the moment Internet Explorer

All users have the same problem.... It is really a redirect on this site.

Today I have spoken with the director of the host where I am and he has seen the same thing.. the redirect.

The redirect is made on all the files included in the MySQL database, so on all of DragonFly.

The "Hacker" has done a redirect for all the day...

Every 30 min he does a redirect for 3-5 min.

Probably broadcast?

So we want to know if it is a server problem or Dragonfly?

DJ Maze
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 11:20 pm

Dragonfly version ?
User info block version ?
Other block that shows "Who is where" ?

'Cos I've tested and the exploit he uses does not work on stock items.


albanialove
Post subject: Re: Hack on my Site
Posted: Wed Feb 01, 2006 11:36 pm

They are all the newest versions, Dragonfly 9.0.6.1.

On January 24, 2006 I updated the site because I changed server, so this is where I am:

dragonflycms.org/Forum...14628.html

albanialove
Post subject: Re: Hack on my Site
Posted: Thu Feb 02, 2006 8:54 am

If you try in a few moments you can see the redirect...

www.webalbania.com

albanialove
Post subject: Re: Hack on my Site
Posted: Thu Feb 02, 2006 9:09 am

Look at this on my HTML page:

These are the users online:

2: <a href="index.php?name=Your_Account&amp;profile=KLEOPATRA">KLEOPATRA</a> &gt; <a href="/">Faqa kryesore</a><br />
3: <a href="index.php?name=Your_Account&amp;profile=milano">milano</a> &gt; <a href="/">Faqa kryesore</a><br />
<img src="images/blocks/visitors.gif" alt="" />&nbsp;<span class="content"><b>Vizitor(ë):</b></span><br />1: <a href="/index.php"> Faqa kryesore</a><br />
2: <a href="/index.php?name=Your_Account&amp;profile=anyone"><script>location='http://www.vlora.it/';</script>"> Your Account</a><br />3: <a href="/index.php?name=coppermine&amp;file=displayimage&amp;meta=lastcom&amp;cat=0&amp;pos=7"> Albumet Fotografike</a><br />
</td>

DJ Maze
Post subject: Re: Hack on my Site
Posted: Thu Feb 02, 2006 11:16 am

Ok i've figured it out.

My Firefox encodes the URL: "> becomes %22%3E, but IE and others don't encode it.
Due to this I thought we already covered the issue, but it seems we didn't.

Get this fix dragonflycms.org/cvs/h...?v=9.24#85


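The attribute break-out behind the "users online" block and the browser difference DJ Maze found, as an added Python example (not DragonflyCMS code): the vulnerable renderer mirrors the block output quoted above, which only turned & into &amp;, while the fixed one percent-encodes each query value and HTML-encodes the href. The two request paths are constructed to match what the thread says IE (raw "> ) and Firefox (%22%3E) send.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed request paths: IE passes the quote and angle bracket
# through unchanged, Firefox percent-encodes them.
IE_PATH = ('/index.php?name=Your_Account&profile=anyone">'
           "<script>location='http://www.vlora.it/';</script>")
FF_PATH = ('/index.php?name=Your_Account&profile=anyone%22%3E'
           '%3Cscript%3Elocation=%27http://www.vlora.it/%27;%3C/script%3E')


def who_is_online_vulnerable(path):
    """Mirrors the block output quoted in the thread: only '&' becomes
    '&amp;', so a raw '"' in the path closes the href attribute and
    whatever follows is rendered as markup."""
    return '<a href="%s"> Your Account</a>' % path.replace("&", "&amp;")


def who_is_online_fixed(path):
    """Rebuild the query from parsed parameters so every value is
    percent-encoded, then HTML-encode the whole attribute value.
    The link still points at the same page."""
    parts = urlsplit(path)
    query = urlencode(parse_qsl(parts.query, keep_blank_values=True))
    href = parts.path + ("?" + query if query else "")
    return '<a href="%s"> Your Account</a>' % html.escape(href, quote=True)


class Probe(HTMLParser):
    """Records the start tags and the first href as a browser parses them."""
    def __init__(self):
        super().__init__()
        self.tags, self.href = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a" and self.href is None:
            self.href = dict(attrs).get("href")


def parse(snippet):
    p = Probe()
    p.feed(snippet)
    return p


def injects_script(snippet):
    """True when the rendered snippet contains a script element, i.e. the
    profile value escaped the href attribute."""
    return "script" in parse(snippet).tags


def first_href(snippet):
    return parse(snippet).href
```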
albanialove
Post subject: Re: Hack on my Site
Posted: Thu Feb 02, 2006 11:43 am

I have copied only this:
PHP:

Thanks DjMaze, you are the best on here.

Roni

Page 1 of 2

