Sub Menu
Links Menu
Online Users

In total there are 352 users online :: 2 registered, 0 hidden and 350 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

functions_portal.php file just disappeared

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

functions_portal.php file just disappeared

PostAuthor: mspringgay » Sat Jan 12, 2008 7:19 pm

Has anyone else experience the functions_portal.php file disappearing? I don't know what happened could be host issue but my functions_portal.php file simply disappeared tonight. Hadn't been making any changes.

Any how just wondering if I am missing a security fix ? I am still running 1.4.1.
Last edited by mspringgay on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

mspringgay
Newbie
Newbie
 
Posts: 24
Likes: 0 post
Liked in: 0 post
Joined: Mon Mar 27, 2006 7:10 pm
Cash on hand: 0.00

Re: functions_portal.php file just disappeared

PostAuthor: CaNNon » Sat Jan 12, 2008 10:26 pm

htaccess and chmod control what they can see and delete.
The security stops exploits, injection that kind of thing.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: functions_portal.php file just disappeared

PostAuthor: mspringgay » Tue Jan 15, 2008 7:37 pm

Seems my site was exploited to host a phishing scam by adding something into includes/cache_tpls .

Now in my previous post I meant to indicate I was still running 1.4.0. It appears I hadn't applied the security fixes suggested under "Recent Hacking Discussion".

So my question is do folks think I will be safe from this sort of attack if I apply those changes and look at adding the .htaccess files suggested in another post to the 777 directories?

I know that applying 1.4.1d would be the better option but not sure I have the time to train crackertracker at this time.

Thansk in advance for any advice given.
Last edited by mspringgay on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

mspringgay
Newbie
Newbie
 
Posts: 24
Likes: 0 post
Liked in: 0 post
Joined: Mon Mar 27, 2006 7:10 pm
Cash on hand: 0.00

Re: functions_portal.php file just disappeared

PostAuthor: CaNNon » Tue Jan 15, 2008 11:44 pm

Code: Select all
# access only from inside site.order deny,allowdeny from allallow from localhost 127.0.0.1


That will only answer to the local host (your server) and that the only thing that needs access to your cashe. As long as the don't have high enough access to change it your covered.

You can also add this [url=http]http://www.integramod.com/forum/viewforum.php?f=23[/url]
it has a nice security feature that updates from inside it.
Still I would not run with out CT, It really catches a lot, but your right it needs some time to get it setup to your needs.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00

Re: functions_portal.php file just disappeared

PostAuthor: mspringgay » Wed Jan 16, 2008 4:59 am

Thanks CaNNon!

I'm not clear which mode in that forum you linked to your referring to. Can you let me know the name. Thanks!

So you gather I should be OK with 1.4.0 with your .htaccess suggestion and the changes to prevent the phpbb_root_path exploit ? I just need to ensure what I put backup doesn't get hacked immediately or my host will be none to happy. But would like to get the site up and then look at the CT upgrade.

Thanks again!
Last edited by mspringgay on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

mspringgay
Newbie
Newbie
 
Posts: 24
Likes: 0 post
Liked in: 0 post
Joined: Mon Mar 27, 2006 7:10 pm
Cash on hand: 0.00

Re: functions_portal.php file just disappeared

PostAuthor: CaNNon » Wed Jan 16, 2008 10:26 am

No htaccess is not going to stop all exploits!

phpbb_root_path exploit


Example:
If that address your site and asks a file/mod to do something with your cashe, it will be seen as it was from "local host" and it will have access.

I was sending you to the look at the crawltrack software. It's a package and kind of stand alone. I has a nice little security package included and would be of help to you.
Last edited by CaNNon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
Image
User avatar
CaNNon
Sr Integra Member
Sr Integra Member
 
Posts: 750
Likes: 0 post
Liked in: 0 post
Joined: Thu Apr 19, 2007 11:15 am
Cash on hand: 0.00


Return to Forum Security

Who is online

Registered users: Google [Bot], Majestic-12 [Bot]

cron