The script is NOT SAFE

**wdekreij** · 05-14-2007, 10:50 AM

I have just 1 site hosted at my host, the site with the YouTube-clone script by BuyScripts.in..

And it's NOT SAFE! Apparently there are some BIG security issues!

Wanna know what I'm talking about? Go to my site: http://www.cgwatch.com

That's the biggest bug I've found so far! I was running the latest version..

**darrylb** · 05-14-2007, 01:32 PM

Originally Posted by wdekreij

I have just 1 site hosted at my host, the site with the YouTube-clone script by BuyScripts.in..

And it's NOT SAFE! Apparently there are some BIG security issues!

Wanna know what I'm talking about? Go to my site: http://www.cgwatch.com

That's the biggest bug I've found so far! I was running the latest version..

That has absolutely nothing to do with the script. That is a Hosting problem. You need to report that to your hosting company. I am on the same server that you are on...this happen to me a few weeks ago by a different hacker. If they get on your server everything is unsecure. They are usally harmless and your script should be intact and still working.

**admin** · 05-14-2007, 01:51 PM

Have you cheched your server log how the hacker get in ?

Just because your site is hacked, we can't say the script is insecure. You need to check your web server log to know how the hacker got in.

If you have the apache log, let me know, i can look into the problem, few things you need to check are the date of file modification and apache access log in same time.

I don't think this is issue with the script, if it was, it will be our demo site hacked first.

**wdekreij** · 05-21-2007, 06:46 AM

Hi folks, had to go on a litle vacation so I wasn't here for a while..

But I really can't get it away.. Nobody logged in into cpanel (Last login from: [MYIP] in the top).. When I FTP, all files are there and the date is the same as when I uploaded it..

When I delete the index.php, I get a 404 (duh!), but when I upload the index.php (from the original zip file) I get the hacked message.. I really don't know what to do to get this away..

And btw: It only happens at tube-sites I believe, see this: http://www.google.nl/search?q=%22HaCKeD ... l&filter=0

What to do to get this away (and prevent it for the future)?

**admin** · 05-21-2007, 08:06 AM

Can you PM me your site login details. We can only prevent such hacking only after finding how the hacker got in.

**admin** · 05-21-2007, 08:11 AM

The first site is also hosted in same hosting company you are with

Domain Name: BESTXPORNTUBE.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS37.CIRTEXHOSTING.COM
Name Server: NS38.CIRTEXHOSTING.COM
Status: clientTransferProhibited
Updated Date: 10-apr-2007
Creation Date: 02-apr-2007
Expiration Date: 02-apr-2008

I guess the hacker have an account in same server, not sure if php open base dir is enabled on your server, if not other sites on the server can access files with 777 permission on your server and modify config.php (this file have 777 permission).

You can check your config.php to verify this. If this is what happend, that is not a script problem, it is server security, you should enable open_base_dir on your server, contact server admin to do that.

**admin** · 05-21-2007, 08:12 AM

Check whois of other domains that are hacked, it seems most of them hosted by same provider.

**wdekreij** · 05-21-2007, 08:32 AM

Yeah, I found out about 2 minutes after my post.. I'm in contact with my provider right now, we'll see what they can do..

Edit: You where right! They DID edit my config.php!

**wdekreij** · 05-21-2007, 08:44 AM

I have updated the config.php (and gave it an chmod 644!), but now I get this error:

Fatal error: main() [function.require]: Failed opening required '/include/smarty/libs/Smarty.class.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/***/public_html/include/vshare.php on line 31

Any idea how to fix this?