|
11-25-2009, 12:09 PM
|
|||
|
|||
Security Bug
Hi,
Just to let you know that someone found a way for uploading files on a subdir of vshare2.7, precisely on admin/logs/files. I think is a security bug of Vshare, there were about 3 giga of big dimensions copyrighted files there in zip or rar format. This caused a lot of bandwidth consumption. I checked htaccess of that dir, here it is: Code:
order deny,allow <files ~ "\.(php|php.*|sphp|php3|php4|php5|phtml|cgi|pl|shtml|dhtml|html|htm)$"> deny from all </files> <files ~ "\.upload.html$"> allow from all </files> <files ~ "^\."> deny from all </files> For the moment I modify htaccess adding this RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC] RewriteRule \.(gif|jpg|js|css)$ - [F] I've also password protected that dir, it seems to work. ;-)
__________________
>>> TAKEOFFTUBE Worldwide Aviation Videos <<< >>> FISHEYE TELEVISION Fishing Videos <<< >>> TUBE YOUR PET! Funny Pets Videos <<< Last edited by ramius; 11-25-2009 at 05:20 PM. 
|
|
11-25-2009, 07:51 PM
|
|||
|
|||
|
You need to check the server logs to identify how the hacker able to upload files. Lot of sites are getting hacked with FTP hacks.
Experts: Gumblar attack is alive, worse than Conficker | Security - CNET News If you check the files/folder created by hacker you will get the date and time. Now need to check the server log, ftp and apache to see what happend on that time.
__________________
vShare Hosting, vShare Installation, Server Setup, Lighttpd streaming, vShare Templates install@hostonnet.com
|
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
