Author: computerz » Tue Aug 29, 2006 3:21 pm
Michaelo, I see what your first patch is doing. It's preventing access to root level folders above the public_html.
However, I think you're missing the fact that they're not writing directly to the root folders until they first have access to write to the "upload" folders (album_mod/upload & images/avatars).
These are folders which, when set to 777, the hackers upload Perl scripts (eggdrop IRC bots) to. Once they connect to the scripts in these folders, they then use suExec or some other means to assume root level privileges.
So as you can see, I really believe these patches are futile, because once they get the Perl scripts in the upload directories and connect to them and assume root privileges, they can then bypass the integramod scripts altogether and destroy, rewrite, or whatever they want to do on the server as root.
We need a means to not only filter them from the root, but also from the upload directories.
I'm still going to apply these patches, but I'm not going to change my folder permissions just yet though.
Last edited by computerz on Wed Dec 31, 1969 5:00 pm, edited 1 time in total.
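An added example, not part of computerz's post or of the patches under discussion: a small audit of the two upload folders named above that flags world-writable directories and uploaded files that look like scripts even when they carry an image name. The function names and the extension list are assumptions made for illustration.

```python
import os
import stat

# Upload directories named in the post, relative to the forum root.
UPLOAD_DIRS = ("album_mod/upload", "images/avatars")
# Assumed list of script extensions; adjust to what the server will execute.
SCRIPT_EXTS = {".pl", ".cgi", ".php", ".py", ".sh"}

def audit_upload_dir(path):
    """Return (issue, path) findings for one upload directory."""
    findings = []
    if os.stat(path).st_mode & stat.S_IWOTH:
        findings.append(("world-writable-dir", path))
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                head = fh.read(2)
            if head == b"#!":  # script interpreter line, whatever the file is named
                findings.append(("shebang", full))
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                findings.append(("script-extension", full))
            if os.stat(full).st_mode & 0o111:  # any execute bit on an uploaded file
                findings.append(("executable-bit", full))
    return findings

def audit_site(root):
    """Audit every upload directory from UPLOAD_DIRS that exists under root."""
    out = []
    for rel in UPLOAD_DIRS:
        path = os.path.join(root, rel)
        if os.path.isdir(path):
            out.extend(audit_upload_dir(path))
    return sorted(out)

def build_sample_tree(base):
    """Constructed sample: 777 avatars dir with one image and one disguised script."""
    avatars = os.path.join(base, "images", "avatars")
    os.makedirs(avatars)
    os.chmod(avatars, 0o777)
    samples = (("user1.gif", b"GIF89a\x01\x00\x01\x00", 0o644),
               ("avatar.gif", b"#!/usr/bin/perl\nprint 1;\n", 0o755))
    for name, body, mode in samples:
        full = os.path.join(avatars, name)
        with open(full, "wb") as fh:
            fh.write(body)
        os.chmod(full, mode)
    return base
```

Call `audit_site()` with the forum's document root; an empty list means neither folder is world-writable and no uploaded file has a shebang, a script extension, or an execute bit.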