LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-22-2005, 05:49 AM   #1
mole_13
LQ Newbie
 
Registered: Mar 2005
Location: philippines
Posts: 13

Rep: Reputation: 0
Talking my mambo has been hacked


hi everyone,

i just recently installed my slack box, the installed a webserver with mambo 4.5.2 running on it.u

i just make a check routine that somebody has placed a folder in the mambo/media folder and filled it with his files.

how can i prevent such things to happen?

merci.
 
Old 11-22-2005, 05:55 AM   #2
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
A ton of things. Check the tutorials section for general security settigns to lock your Linux box down such as preventing FTP, increase the Apache security by checking over permissions on your hosts, or, the most obvious, follow the Mamba instructions with regards to applying security permissions on the relevant files + folders so they can't be manipulated across the net.
 
Old 11-22-2005, 06:51 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,406
Blog Entries: 55

Rep: Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578
The "most obvious", next to proper system hardening, would be to be on the Mambo, SecurityFocus, Linux Security or Secunia mailinglist. You would then have seen this coming (SF BID 15461).
 
Old 11-23-2005, 07:13 AM   #4
mole_13
LQ Newbie
 
Registered: Mar 2005
Location: philippines
Posts: 13

Original Poster
Rep: Reputation: 0
Smile

hi all!

thanks for your reply.

i would just like to ask since im a newbie, how did he get into my box through mambo?, port 80 is the only open port
in my box.

does this mean there are problems for apache?, and PHP (talking of security).

anybody heard of Zope?

thanks in advance for your inputs.

really appreciate it.
 
Old 11-23-2005, 10:35 PM   #5
di11rod
Member
 
Registered: Jan 2004
Location: Austin, TEXAS
Distribution: CentOS 6.5
Posts: 211

Rep: Reputation: 32
Quote:
Originally posted by mole_13


i would just like to ask since im a newbie, how did he get into my box through mambo?, port 80 is the only open port
in my box.

These web applications like Mambo can allow a person to execute code by crafting devious URLs that pass commands to the PHP interpreter. In your case, it sounds like Mambo itself was comprimised in that the attacker created a privileged Mambo user account and then uploaded some files within Mambo. Might not mean they escalated the linux user privs, but you will need to check that out yourself. Do a search with rkhunter to see if you've been rooted.

di11rod
 
Old 11-25-2005, 01:30 PM   #6
lin4me
LQ Newbie
 
Registered: Nov 2005
Location: India
Distribution: RedHat EL 4
Posts: 2

Rep: Reputation: 0
Get a security patch from mambo site. I think this was a security compromise through the media manager of mambo and has been addresses in the lastest release/patch.
 
Old 11-26-2005, 03:23 AM   #7
mole_13
LQ Newbie
 
Registered: Mar 2005
Location: philippines
Posts: 13

Original Poster
Rep: Reputation: 0
Thumbs up

yes your right.

he installed some malicious files in my media folder at mamo.

thank you so much.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mambo Newsflash wwnexc Linux - Networking 0 10-18-2005 08:53 AM
Mambo & MySQL wwnexc Linux - Networking 1 10-04-2005 06:01 PM
Mambo wwnexc Linux - Software 2 10-01-2005 01:50 PM
how to use mambo aroop Linux - Software 1 03-20-2005 01:23 PM
mambo server, need help! EvILHaCk Linux - Newbie 1 11-22-2004 11:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration