
Monday, September 17, 2012

Recent Joomla! Compromise Might Affect You

We are noticing a string of Joomla! compromises, and we wanted to share some details for those running the Content Management System (CMS). The current exploit affects the following versions of Joomla!:
  • 1.6.x
  • 1.7.x
  • 2.5.0-2.5.2
  • 2.5.4
  • all earlier 2.5.x versions
 
The compromise begins with the attacker registering a user and then escalating that user's privileges to an administrator level. In every case, we noticed the attackers added a user with a Gmail™ address beginning with xxxtxxx and the user name alexaalexa.
Once the attackers have their user on the account, they typically come back a few days later and edit the error.php file to turn it into a script that allows anyone to upload content anonymously. A few days after the creation of the file upload script, the attackers come back again and upload the following files:
  • rp.php
  • indx.php
  • stph.php
  
This attack is extremely malicious, and the stph.php file performs further aggressive attacks against other networks. To see if your site is affected, run the following query:
  
-- Lists every account whose e-mail starts with the attacker's prefix, together with its group memberships.
-- jos_ is the table prefix; substitute the prefix your installation uses.
SELECT u.username AS username, u.email AS email, g.group_id AS group_id
FROM jos_users u, jos_user_usergroup_map g
WHERE u.email LIKE 'xxxtxxx%'
AND u.id = g.user_id;

  
If the email matches xxxtxxx, the user name matches alexaalexa, and the group_id is either 7 or 8, your account is compromised. Group_id 7 is associated with the Administrator group, and group_id 8 is associated with the Super Administrator group. As a general rule, normal users do not have these permissions.
  
If affected, we recommend taking the following actions:
  1. Remove the uploaded files, and then restore the error.php file to its original content.
  2. Remove any users with the group_id of 7 or 8.
  3. Update Joomla! to the latest version.
  4. Update all themes, plugins, and extensions to their latest versions.
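The check and the review step above, as an added Python example that is not part of the original post: it runs the post's query against a constructed in-memory SQLite stand-in for the two Joomla! tables (the jos_ prefix and the sample accounts are assumptions), flags rows that match all three indicators, and lists every member of group 7 or 8 for review.

```python
import sqlite3

# Indicators from the advisory: the registered user name and the two privileged group ids
USERNAME = "alexaalexa"
PRIVILEGED_GROUPS = {7: "Administrator", 8: "Super Administrator"}

# The advisory's query, with the straight quotes SQL needs
CHECK_QUERY = """
SELECT u.username AS username, u.email AS email, g.group_id AS group_id
FROM jos_users u, jos_user_usergroup_map g
WHERE u.email LIKE 'xxxtxxx%'
AND u.id = g.user_id
"""

# Every member of group 7 or 8, for the review/removal step
PRIVILEGED_QUERY = """
SELECT u.username, g.group_id
FROM jos_users u JOIN jos_user_usergroup_map g ON u.id = g.user_id
WHERE g.group_id IN (7, 8)
ORDER BY u.username
"""

def build_sample_db():
    """Constructed in-memory stand-in for the two Joomla! tables the query touches."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE jos_user_usergroup_map (user_id INTEGER, group_id INTEGER);
        INSERT INTO jos_users VALUES (42, 'siteadmin', 'webmaster@example.com');
        INSERT INTO jos_users VALUES (43, 'editor', 'editor@example.com');
        INSERT INTO jos_users VALUES (99, 'alexaalexa', 'xxxtxxx01@gmail.com');
        INSERT INTO jos_user_usergroup_map VALUES (42, 8), (43, 4), (99, 2), (99, 7);
    """)
    return con

def find_indicators(con):
    """Run the advisory query; a row is flagged compromised when the user name also
    matches and the group is Administrator (7) or Super Administrator (8)."""
    return [
        (username, email, group_id, username == USERNAME and group_id in PRIVILEGED_GROUPS)
        for username, email, group_id in con.execute(CHECK_QUERY)
    ]

def privileged_members(con):
    """List every account in group 7 or 8 so unexpected ones can be reviewed and removed."""
    return list(con.execute(PRIVILEGED_QUERY))

if __name__ == "__main__":
    db = build_sample_db()
    print(find_indicators(db), privileged_members(db))
```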

Thursday, July 5, 2012

How to Handle the Google Attack Page

When you see the dreaded Google attack site warning, you should immediately email "hostmaster (at) centriohost.com". Be sure to include your domain name, because we will need to locate the virus that caused the issue and take steps to clean and secure your account.
 
Note: This warning will only happen in Firefox because Mozilla has a relationship with Google. Google cannot actually change your website. They can only give you a warning that they detected possibly malicious scripts on your site. You will need to get your account cleaned and secured before Google will remove the warning page.
 
Once the account has been cleaned and secured, please request a delisting through your Google Webmaster account. This is not something that CentrioHost can do for you. The excerpt below was copied from Google and gives you step-by-step instructions to request a delisting.
 
From Google's Website:
 
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
Once you have reviewed your site and are sure it is clean, you can submit a request for review. Note, you will need to verify site ownership before you can request a site review.
  1. Sign in to Webmaster Tools with your Google account.
  2. On the Dashboard, select the site you want.
  3. On the Overview page, click Request a review and follow the instructions.

Tuesday, June 12, 2012

Learn How To Remain Secure On-Line

Security has always been a persistent issue on the internet. We are never sure about the safety of our personal information. The security issue has recently advanced to a new level, with a lot of identity theft, fraud, hijacking and hacking activities being carried out frequently. One of the main reasons for these activities is the carelessness or ignorance of users. The bad guys out there want users to make mistakes so that they get a chance to steal information and cause damage. In this article, we will cover such security issues, what actually may cause them, and suggest ways around them.
 

Unprotected networks

Unprotected networks are very prone to hijacking and information theft. Since the network does not use encrypted protocols, hackers can easily invade your privacy and get into the system to read your incoming and outgoing data and your passwords. They can take a look at the devices and folders on the network if users do not configure their systems properly. Wireless networks suffer most from this problem of unsecured sessions.
 
There are many programs and applications for hijacking unencrypted Facebook, Twitter, and even Amazon credentials from other users on the same Wi-Fi network. You might have heard of Firesheep, a Firefox add-on which can do that. More recently, there is FaceNiff, an Android application which can hijack Facebook, Twitter or Amazon sessions very easily. It lets hackers sniff traffic from your computer and intercept credentials if you are on any unprotected network.
 
So, we should be concerned about the networks on which we work. We should always use protected networks and connect to sites over the HTTPS protocol. Next time you log on to a public Wi-Fi, take care of security.
 

Suspicious Links

There are links all around: in emails, on websites that you visit. Not all these links are meant to be visited. Many links make you do things that you would not even suspect, such as downloading malicious software or entering your credentials. Such software can attack your system. Entering your credentials at such places can get your accounts hacked.
A major part of this problem arises because of URL shorteners. Many URL shortening services have come up because of services like Twitter and Facebook.
 
There are many ways to detect such links. For example:
 
  • Use Google Safe Browsing to scan any website for suspicious/malicious links. Use the link "http://www.google.com/safebrowsing/diagnostic?site=XYZ.com" (replacing XYZ.com with the site in question) to scan any site.
  • Use online link scanners. They list the scan reports generated by AVG, PhishTank, Site Truth, Google Safe Browsing and other reliable sources to help you decide the overall verdict on the URL in question. For example, Online Link Scan.
  • Use an antivirus on your system that includes an antispam filter, scans web traffic, etc., to protect you when you are working online.
  • Be careful of links on Facebook and Twitter which seem spammy. If you are suspicious of a link, do not click on it.
     
If you are in the habit of clicking any link you see, bear in mind that you can land in a disturbing situation. Better to think before you click.
 

Password Vulnerability

Quite often we are not careful about the passwords we choose. Passwords must be strong. The more obscure the password we choose, the tougher it will be to crack.
Here are some tips for creating safe passwords:
  • Do not use easy-to-guess or generic terms for passwords (like your phone number, street name, pet's name, etc.).
  • Use a pseudo-random alphanumeric combination: mix letters, numbers and symbols, and use both upper- and lower-case letters.
  • Try not to use the same password for every site for which you create an account.
  • Do not hesitate to create a long password, but at the same time memorize it.
  • Try to change your password at regular intervals, say every 90-100 days.
     

Role of Web Browser

The web browser that you choose can help shield your information from being breached. Secure browsers give you secure sessions. Certain tweaks in your browser can help you remain safe.
 
Browsers such as Firefox and Google Chrome can be considered reliable as they provide many security features. They will warn you of possible threats. With Safe Browsing technology enabled in Chrome, it will show you a warning message before you visit a site that is suspected of containing malware or phishing. Firefox also shows such warning messages.
 
  • If you are worried about information being used later, you can simply clear the browsing history.
  • Use an antivirus which integrates with your browser to detect threats online (for example, when you download any software).
  • Private Browsing in Firefox and Incognito mode in Chrome allow you to browse the Internet without saving any information about which sites and pages you've visited.
  • The "Keep My Opt-Outs" Chrome extension and the Do Not Track feature in Firefox help keep your browsing behaviour from being tracked by third parties, which adds to your safety and privacy.
     
You can choose any browser you like, but be sure you get enough security features (like those discussed above) from your browser.
 
The ways discussed here will surely help you to remain safe when you are online. It's up to you to make sure you take wise steps for your safety. After all, safety is everyone's basic concern.
 
Do you use any other security measures? Do share them.

Friday, May 13, 2011

Many Security Holes in the Microsoft Frontpage extensions

In recent days we have noticed that many people are suffering from hacking activity on their sites, and they migrate to CentrioHost only to prevent their sites from being hacked. We have already posted some articles for them on how to prevent site hacking. We just recently noticed that web hosts offering FrontPage Extensions on their servers also get hacked nowadays :( Here we explain this issue....
 
 
First of all, Frontpage is brain damaged (just have to set the stage).

Ok, Frontpage works like this when you want to publish files:

It tries to GET "http://www.yourdomain.com/_vti_inf.html".  This file contains the version of the FP extensions and the path on the server where the extensions are located. When you use Frontpage to upload content, it will try to fetch this file; if it can, it then tries to POST to "http://www.yourdomain.com/_vti_bin/shtml.exe/_vti_rpc" (that's the default).

This server binary is not password protected, so it is able to post a query to it.  The first thing it does is just establish a protocol rev in which the client and server are going to talk, and what functions the server provides.

If you have any people using Frontpage, it's likely that they FTPed the _vti_inf.html from their home machine up to your site.  Then they tried to publish, and it tried HTTP first.  If HTTP fails, it just kicks over to FTP as the publishing protocol (and notifies the user that they can't use WebBots and stuff).

Incidentally, I have a passion to hate the FP extensions.  They are fundamentally stupid in nearly all respects of implementation.

Firstly, they maintain a crapload of meta files (one shadow for every file managed), then they have all of their config info in a bunch of text files in the _vti_pvt directory.  (Oh, BTW, there exists a very HUGE privacy hole in the FP extensions.)  If you go to a site that has FP extensions, just pick any directory in the URL, yank the filename off, and put "_vti_cnf" there instead...you'll get a complete listing of all the files in the real directory.  With this you can snatch files that weren't meant to be seen by the public...and it's available on ALL FP enabled sites.

Hmm, I've contributed a "privacy bug" now. :)

Want to know an even cooler hack?  Want to break into Frontpage enabled sites?

Just snarf the "administrators.pwd" and "authors.pwd" file in:

"http://www.yourdomain.com/_vti_pvt/administrators.pwd"

That'll net you the password file for the web.  Just convert it properly and run Crack on it to obtain a useful password for defacing web sites!

Want even more???

Frontpage 98 fucks up the permissions so bad that it makes the _vti_pvt directory WORLD WRITABLE!!! No shit, you can do whatever you want to stuff in that directory.

Hmm, I love incompetent nitwits that think they can buy someone else's crappy Unix shit and sell it as their own!!! :)

Oh, you know why all the directories begin with "VTI"???

"Vermeer Technology Inc". The people the M$ bought for Frontpage. :)
____________________________

Never use FrontPage Extensions; your site can easily be hacked otherwise!! We don't offer these Extensions; however, if you migrate your site from another server, these files will come to your new site from the other host. Also, if you upload with the FrontPage software, it creates these directories in your public_html folder and hackers can easily hack your site. - Security Dept, CentrioHost.com
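An added Python example (not from the post or from CentrioHost) for the migration problem described above: it audits a document root for the FrontPage residue the post names (_vti_* directories, _vti_inf.html, the .pwd files) and reports a _vti_pvt directory left world-writable. The public_html it scans is constructed in a temporary directory, so the paths and the deliberately wrong permission are assumptions.

```python
import os
import stat
import tempfile

# Artefacts the post associates with FrontPage Server Extensions
VTI_DIRS = {"_vti_pvt", "_vti_cnf", "_vti_bin"}
VTI_FILES = {"_vti_inf.html", "administrators.pwd", "authors.pwd"}

def scan_webroot(webroot):
    """Walk a document root and return sorted (finding, relative_path) tuples for
    leftover _vti_* directories, FrontPage metadata/password files, and any
    _vti_pvt directory that is writable by everyone."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for d in dirnames:
            if d in VTI_DIRS:
                full = os.path.join(dirpath, d)
                rel = os.path.relpath(full, webroot)
                findings.append(("vti-directory", rel))
                # The post notes FrontPage 98 can leave _vti_pvt world-writable
                if d == "_vti_pvt" and os.stat(full).st_mode & stat.S_IWOTH:
                    findings.append(("world-writable", rel))
        for f in filenames:
            if f in VTI_FILES:
                rel = os.path.relpath(os.path.join(dirpath, f), webroot)
                findings.append(("vti-file", rel))
    return sorted(findings)

def build_sample_webroot():
    """Constructed public_html with FrontPage leftovers, for demonstration only."""
    root = tempfile.mkdtemp(prefix="public_html_")
    os.makedirs(os.path.join(root, "_vti_pvt"))
    os.makedirs(os.path.join(root, "images", "_vti_cnf"))
    for name in ("_vti_inf.html", "index.html"):
        open(os.path.join(root, name), "w").close()
    open(os.path.join(root, "_vti_pvt", "administrators.pwd"), "w").close()
    open(os.path.join(root, "images", "_vti_cnf", "logo.gif"), "w").close()
    # Reproduce the permission mistake the post describes
    os.chmod(os.path.join(root, "_vti_pvt"), 0o777)
    return root

if __name__ == "__main__":
    for kind, path in scan_webroot(build_sample_webroot()):
        print(f"{kind:15} {path}")
```

Point scan_webroot at a real public_html (after migration, for instance) to get the same report for a live site.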
 
