Recent Hacking Discussion (continued...)

Author: **dan0042** » Sat Sep 02, 2006 7:36 am

Thanks top man

Author: **evolver** » Sat Sep 02, 2006 2:19 pm

"Michaelo";p="14814" wrote:I will redo this post to clarify what I intended but basically the code at the bottom goes between the
// BEGIN Style Select MOD

(all code between these comments)

// END Style Select MOD

comments ie replace this: (all code between these comments) with the code at the bottom...

Mike

It's obvious for coders, but I think that this can indeed mislead many users... :wink:

I mean by replacing
(all code between these comments) with
(REPLACE all code between these comments)
The word REPLACE will catch the eye...

Author: **Michaelo** » Sat Sep 02, 2006 11:23 pm

<img>

Author: **adbasque** » Sat Sep 02, 2006 11:41 pm

and finally i read about "register globals being on or off" where exactly do i need to turn it on and off?
I'll let Michaelo answer that one.. I dont remember.. I think it's a statement in the .htaccess?

Thanks for trying to help me, i found out where to turn it on and off
in php.ini, and there are few options aswell you can turn on and off such as safe mode etc.. of course providing you are running your own server, but if you are using a hosting service, then you probably need to ask them, cause i believe you won't have access to php.ini, as for the .htaccess file, i know you can deny or allow certains things but i am not sure if you can turn on and off the register_globals.

I do have one question though i run ssl would that help as an extra layer of security or wouldn't it make any difference?
i don't think it would make a difference personally because most of these so called hackers use mostly sql injections which a completely different route they take to access to your database and files.

I do have couple hacking scripts, such remote injection exploit, i can post them, but i don't want them falling in the wrong hands, so if it would help the Devs, i can probably post half of each script.

that would probably help them.
let me know if you guys want to have a look at them.

Best regards to you all

Author: **tekguru** » Sun Sep 03, 2006 12:39 am

"Michaelo";p="14806" wrote:Confirm the functions.php edit are as per 2nd post here (second edit in functions.php)...

They are but the problem is still there unfortunately. Any way I can email you the file for you to take a quick look at it?

Author: **adbasque** » Sun Sep 03, 2006 12:59 am

Hi Tekguru

I am sorry, but who was your reply to loll
<img> ?

If it was meant to someone else my apologies lol

Take care

Author: **tekguru** » Sun Sep 03, 2006 2:39 am

It was meant to be to Michaelo.

No since making the rev 06 fixes to functions.php I'm getting users reporting:

"The 4WM home page just has a message box under the normal 4WM header saying ÃƒÆ’Ã‚ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€¦Ã¢â‚¬Å“Could not find style name 0.ÃƒÆ’Ã‚ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€š

Author: **tekguru** » Sun Sep 03, 2006 2:42 am

My 'problem' causing file is online at:

http://www.4winmobile.com/func_prob.zip

Hope someone can help!

Author: **tmotley** » Sun Sep 03, 2006 7:18 am

"adbasque";p="14832" wrote:i know you can deny or allow certains things but i am not sure if you can turn on and off the register_globals.

I'll vouch for it being possible. Putting

Code: Select all: php_value register_globals 0

in my .htaccess file sets my local value to No while the master value obviously stays unchanged. (Just looking in phpinfo)

All recent security edits in place and register globals off combined with daily backups and I'm breathing easier.

Author: **Michaelo** » Sun Sep 03, 2006 8:21 am

[quote=""tekguru";p="14841""]
It was meant to be to Michaelo.

No since making the rev 06 fixes to functions.php I'm getting users reporting:

"The 4WM home page just has a message box under the normal 4WM header saying ÃƒÆ’Ã‚ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€¦Ã¢â‚¬Å“Could not find style name 0.ÃƒÆ’Ã‚ ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€š

Author: **tekguru** » Sun Sep 03, 2006 8:42 am

That was a secondary issue which was fixed by resetting all users to use the default style.

We still get the 'Hacking attempt' messge though when we try to change style via either the changer of via command line as per:

http://www.4winmobile.com/portal.php?s=Mobile

So any more ideas?

Author: **honie** » Sun Sep 03, 2006 12:47 pm

Ok, I applied the patches & it made my site got "white" .. I really dont want to continue getting hacked everyday. Any ideas?

Author: **Vadar** » Sun Sep 03, 2006 12:55 pm

From personal experience I highly recommend that you get a pristine copy of functions.php and then apply the fixes to that. I had similar problems due to adding the final fixes to a previously "fixed" copy of functions.php (I had been modding it along the way as things were posted.) As soon as I took an unmodded copy of functions.php and applied the latest fixes, everything worked. Don't know if it was my inperfect application of the fixes or a conflict with an earlier fix, but if you haven't tried this I recommend you start with it.

Author: **tekguru** » Sun Sep 03, 2006 2:06 pm

It might be the way to go, I was thinking of that, as IIRC the only Mods applied are those for M2F, and they are easy enough to add in.

Author: **Oracle_SOD** » Sun Sep 03, 2006 5:22 pm

our site was also hacked numerous times and i dont have time to mod php files and would rather just dump a clean install of IM Portal (we have had too many speed issues with Integramod)

so my question would be,
Have these fixes been applied to the IM Portal and Integramod download files ?

and if not, when will they be ?

Recent Hacking Discussion (continued...)

reply

Re: Recent Hacking Discussion (continued...)

Re: Recent Hacking Discussion (continued...)

Re: Recent Hacking Discussion (continued...)

reply

Who is online