I just entered my WSNLinks page on the site and found that 2 days ago a hacker was able to overwrite the index.php file, leaving a simple defacement message with his "signature" in place of the index page.
I checked my server logs and there was no unusual activity at the time of the hack. Could he have done it through the script itself?
There is a known exploit in versions prior to 3.3.7 which allows a hacker to upload arbitrary files including PHP files which they can use as an interface to write to other files that are chmoded to allow writing. This doesn't give them access to index.php unless you chmod it to 666, but it seems more likely you're misstating the location and it was actually a template which the hacker overwrote.
All customers were told to apply the fix in late February. The basic edition has not yet been updated (non-customers always falling low on my priorities), but you can protect yourself meanwhile by making sure you have no directories chmoded to 777 (meaning attachments will not work).
3.3.9B is now available. Everyone should upgrade to it for security, and check your /attachments/ directory first to see if there are any php files in it (if so, you've already been hacked).
0/5
1
2
3
4
5
This thread is closed, so you cannot post a reply.
Comments on index.php was hacked
Beginner
Usergroup: Member
Joined: Dec 21, 2004
Total Topics: 2
Total Comments: 5
I just entered my WSNLinks page on the site and found that 2 days ago a hacker was able to overwrite the index.php file, leaving a simple defacement message with his "signature" in place of the index page.
I checked my server logs and there was no unusual activity at the time of the hack. Could he have done it through the script itself?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
There is a known exploit in versions prior to 3.3.7 which allows a hacker to upload arbitrary files including PHP files which they can use as an interface to write to other files that are chmoded to allow writing. This doesn't give them access to index.php unless you chmod it to 666, but it seems more likely you're misstating the location and it was actually a template which the hacker overwrote.
All customers were told to apply the fix in late February. The basic edition has not yet been updated (non-customers always falling low on my priorities), but you can protect yourself meanwhile by making sure you have no directories chmoded to 777 (meaning attachments will not work).
Member
Usergroup: Customer
Joined: Sep 27, 2005
Location: Canada
Total Topics: 12
Total Comments: 32
I just got hacked also, what was your index.php changed to?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
3.3.9B is now available. Everyone should upgrade to it for security, and check your /attachments/ directory first to see if there are any php files in it (if so, you've already been hacked).