Note to self: stay the fuck away from TubeCGI... the guy who made it knows absolutely nothing about computers.

Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.

I would like to know this.

Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.

I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.

Yeah, they can do plenty without shell access but doesn't it mostly involve feeding something to a script that executed it and they gain access that way.

They could flood the old version of SSH and cause integer overflow which allowed them server access without a password.

What have you seen that was different then that?

I mean, if you know then don't keep it a secret and let us all get hacked.

http://resources.bravenet.com/articl...php_script s/


Have a good day.

Hi just an update on what has happened The tech guys sent me this

This appears to be telnet script which allows the user to remove files. I have disabled these scripts from the cgi-bin and blocked the connecting IP. I am also showing that this user connected to the toplist scripts,
If this script is not being used, I would recommend removing the toplist scripts from your account.

I had an idea it was this stupid topsite script that caused it, the name of the toplist is "Best Top List" so stay away from it it is bad news

BTW The IP address is showing up from Mauritius
Africa but whois is to know that this is their real IP but glad they sorted it :thumbsup

that shit hurts! sucks

It's all about maximum security.

The reason you always set permissions as low as possible is so that, for example, you have some added security against badly written scripts.

Every programmer knows, or should know, that mistakes can and will slip through. By using security at every level, you can prevent those mistakes from becoming disasters.

You use low permissions for the same reason you don't keep unencrypted user passwords in your database: to make sure that if someone manages to slip through, he can do as little as possible.

From your own damn link:

Yeah its a pain in the arse but most of it was my own fault for installing a crappy script in the first place, it has taught me not to use free scripts and from what i saw of the script that was deleteing my pages it was actually looking for files, it had commands like this

'find suid files'
'find config* files'
'find all writable files'
'find all writable directories'
'find all service.pwd files'
'show opened ports'

and a load more, Im not gonna post them all here

Pretty mad but I have learned a good lesson from this, like i would never get hacked, its always somebody else, and anyway why would someone hack a small site like mine so just watch what scripts you install

If I had left my chmod permissions alone or changed them back to their original settings he would have most probaly only deleted my index page and not my whole website

Stop reading things on internet you don't understand.

Spock:"We warp'd through the time-space continuum into another dimension by utilising tahion colision in the wormhole"
Sortie:"....True"

There is no reason what-so-ever for a cgi script to use those commands except to hack your server.

Free scripts aren't the problem, it's when hackers put that stuff in the free script and tell you they wrote it. Don't get copies of scripts from anyone except the original source because it's their reputation they are protecting that makes the script safe.

:1orglaugh

I agree with you there, this script was downloaded from a php script website about 5 months ago , and i cant remember what bloody website it was.