Got Hacked...CHMOD 777 Exploit...

CorpSuit · Beginner Joined: Jan 04, 2006 Posts: 5

Ok, I know this is a stupid question, but one of my sites had a malcious eggdrop attack originate from it because of a CHMOD 777 folder.

I know the g2data has to have this. I checked to see who owned php on the server and it said [Nobody] so I am assuming I have to CHMOD the g2data folder.

Is there anyway to patch this vulnerability up? I know there are scripts out there that look for read-write-execute folders...which all of the subfolders of g2data are.

Thoughts?

Thanks!

AdBot

srhh · Beginner Joined: Feb 06, 2006 Posts: 7

I don't know anything about patching vulnerability, but do you have NukeSentinel installed?
It blocks malicious scripts and attacks. It also provides alot of useful info beyond it's protection functions.

CorpSuit · Beginner Joined: Jan 04, 2006 Posts: 5

srhh wrote: › I don't know anything about patching vulnerability, but do you have NukeSentinel installed?
It blocks malicious scripts and attacks. It also provides alot of useful info beyond it's protection functions.

Sweet! I will look into that, I heard NukeSentinel didn't work with Gallery2, something to do with URL writing permissions or something.

srhh · Beginner Joined: Feb 06, 2006 Posts: 7

I remember hearing Sentinel can interfere with the initial installation; if it interferes with Gallery in general, I'd certainly be interested to know more since I *just* installed Gallery on my Nuke site. I'm using a version of Nuke that came bundled with NukeSentinel already installed (RavenNuke 7.6) and on their forums some people have managed to install and use Gallery without a prob. I'll ask around and see if they've had issues with Sentinel breaking the Gallery module and let you know.

dari

your g2data folder SHOULD NOT be in your public_html directory. read the gallery docs.
_________________

srhh · Beginner Joined: Feb 06, 2006 Posts: 7

Whoops. hehehee...Thanks dari. Fixed that. Embarassed

Here's a link on how to move g2data after install:
http://gallery.menalto.com/node/31505?

Anyways, I've asked around and I believe Sentinel was only causing headaches for Gallery 1.x. Version 2.x seems to be working fine for people with Sentinel, myself included.

CorpSuit · Beginner Joined: Jan 04, 2006 Posts: 5

dari wrote: › your g2data folder SHOULD NOT be in your public_html directory. read the gallery docs.

Err not to be a dolt...but then I am assuming when you install the Gallery2, and follow your instructions the location of the g2data is by default:

public_html/modules/gallery2/g2data

Am I to understand that is wrong??

I can't find anything in the instructions that says to move it. Am I just missing something?!?!

dari

they do that because not everyone has the option of placing it outside the gallery 2 directory (some hosts place restrictions). if you read the installer, it recommends that you place it outside the gallery 2 directory, for security.
_________________