eMoneySpace
Welcome, Guest. Please login or register.
Did you miss your activation email?
News: Earn your money online safely here at eMoneySpace. Jun 28, 2022 03:35 AM




Aurora hack vulnberabilities.
Print
Author Topic: Aurora hack vulnberabilities.  (Read 18311 times)
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Aug 15, 2010 04:10 PM

There are three different aurora security holes that allow full access not only to your script, but to your whole server. Hackers can simply query your script for full database access, and a simple htaccess trick combined with an admin vulnerability will give them root access.

Currently I am a bit busy patching up some friend's sites. Once this is done I will post a patch for everyone else. I've left a few tips below.

1. If you're on a shared host you have a higher chance of getting hacked. It's much easier to get root access.

2. Make sure you have the following settings on your server, otherwise it's much easier:
Safe_mode= on
safe_mode_gid = Off
open_basedir = directory[:...]
safe_mode_exec_dir = directory[:...]
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = filename

If you own your own VPS or dedicated, set this through PHP settings and not .htaccess. If you're on a shared host, .htaccess is your only chance.

3. Protect all your important directories with a password. Block all IP addresses from your MySQL and cPanel except yours.


Doing the above should keep you somewhat protected as long as you're running the latest patched PHP 5 version.
« Last Edit: Aug 19, 2010 10:13 PM by ptcpay » Logged
Addons
Reputation: (+10)
*

Offline

Gender: Male
Posts: 2179
Referrals: 3


View Profile WWW
Reply #1: Aug 15, 2010 04:20 PM

Thanks to let us an attention of that....

But we r here lots of, who have less knowledge about that, we need a proper solution from JT or other expert like u..

thanks again a lot for this sort of post. i personally love more security & unbreakable everything....  thumbs up
Logged

Lead Capture Page, Email Template, Image Croping/removing Background etc... PTCevolution, Gen4, Aurora GPT, Xeon, Zeus (Template, Banners)
Legit Sites
Reputation: (+16)
*

Offline

Gender: Male
Posts: 818
Referrals: 2


View Profile WWW
Reply #2: Aug 15, 2010 04:22 PM

Just got hit and so did another site on my sever. Will be having rylee look into it Smiley
Logged


ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #3: Aug 15, 2010 04:24 PM

it's not rylee's fault, he provides settings that are fine, mostly. The extra settings above are not because of him but because the script is not at all secure.
Logged
Legit Sites
Reputation: (+16)
*

Offline

Gender: Male
Posts: 818
Referrals: 2


View Profile WWW
Reply #4: Aug 15, 2010 04:26 PM

My post was nothing agaisnt rylee all I meant was I will link him to hear and get him to check it out and make sure it won't affect his severs + get him to fix the settings on mine Smiley
Logged


ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #5: Aug 15, 2010 04:29 PM

I know, just clarifying Wink. I'm working on this as I want to help all the site owners. If anyone who got hacked can send me their apache server logs I can do more.
Logged
Legit Sites
Reputation: (+16)
*

Offline

Gender: Male
Posts: 818
Referrals: 2


View Profile WWW
Reply #6: Aug 15, 2010 04:30 PM

I don't know how to get them but you can surely have mine if they will help out and you tell me how to find them
Logged


ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #7: Aug 15, 2010 04:32 PM

http://www.cyberciti.biz/faq/apache-logs/

Follow that Smiley. Rylee is the only one who can get it probably.
Logged
Addons
Reputation: (+10)
*

Offline

Gender: Male
Posts: 2179
Referrals: 3


View Profile WWW
Reply #8: Aug 15, 2010 04:50 PM

http://www.cyberciti.biz/faq/apache-logs/

Follow that Smiley. Rylee is the only one who can get it probably.

understand nothing... out of my range  Wink
Logged

Lead Capture Page, Email Template, Image Croping/removing Background etc... PTCevolution, Gen4, Aurora GPT, Xeon, Zeus (Template, Banners)
Legit Sites
Reputation: (+16)
*

Offline

Gender: Male
Posts: 818
Referrals: 2


View Profile WWW
Reply #9: Aug 15, 2010 04:57 PM

lol same
Logged


ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #10: Aug 15, 2010 04:58 PM

It's fine, I'll get one Wink.
Logged
clickinator
Reputation: (+8)
*

Offline

Posts: 1377
Referrals: 0


View Profile WWW
Reply #11: Aug 15, 2010 05:11 PM

what do you exspect for $20 and anyways hacker trap can protect you from this   Smiley
Any one trys changing anything blocks the there ip instantly
« Last Edit: Aug 15, 2010 05:16 PM by clickinator » Logged

ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #12: Aug 15, 2010 05:14 PM

what do you exspect for $20 and anyways hacker trap can protect you from this   Smiley

No it can't Wink. Hacker trap checks the URL construction of a query, but I can just send the query through the IP of the site instead of the domain and it's completely bypassed.  Smiley
Logged
clickinator
Reputation: (+8)
*

Offline

Posts: 1377
Referrals: 0


View Profile WWW
Reply #13: Aug 15, 2010 05:18 PM

Okay when my site launches u can try mine to see how good GREENSQL is because its protects from most sql injection commands

would sanitizing all forms help?

Is this attack by the forms ?
« Last Edit: Aug 15, 2010 05:36 PM by clickinator » Logged

ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #14: Aug 15, 2010 05:34 PM

Sanitizing forms only works when you don't have security holes. If you have a hole, the only way to fix it is to patch it.
Logged
Print
 
Jump to:  
Copyright © 2008-2022 eMoneySpace. All rights reserved.