Hi all.

phpBB forums are now the new target for the hackers... many phpBB based sites are being defaced in these days.

Most of the problems are related to REGISTER_GLOBALS, but today I've discovered a new issue.

One site has being hacked trough the CACHE folder which has 777 permissions... so a file has been modified in there and the site defaced.

I suggest to put HTACCESS in your CACHE folder and try to set 775 as CHMOD for both CACHE and files in there...

Everything should continue to work, but your files should be protected from this kind of attacks. If you're having problems after changing CHMOD put everything back to 777.

I've also patched another couple of files... in some days we will have a new XS release... more secure than the older one...

If you discover some other types of security issues, please, notify me.

Thanks.

Since the cache files are generated by XS the user and group who own those files are "Apache" and not me, so I'm not able to chmod the files I think I can chmod them by a script but not by ftp.

Hi MG,

as i told you yesterday on MSN. i have had probs with that... later i tried again. but it doesnt work.

I still have problems with that an get an blank page, so I set it back to CHMOD 777

cya

KugeLSichA wrote: [View Post]

I still have problems with that an get an blank page, so I set it back to CHMOD 777

I was going to post that exactly... I need to have it chmodded 777

I don't know, but i put HTACCES in CACHE folder but with CHMOD 777, performance was low, maybe was the server, maybe not, but i leave it on 777

ok as a sexurity expert i suggest one thing:

Do you have protection against perl exploits?

These perl exploits are ran from the cmd and usually get in through the bb codes features

How would i know this? One of my friends sites make them..

TheLastLegion wrote: [View Post]

ok as a sexurity expert i suggest one thing:

Do you have protection against perl exploits?

These perl exploits are ran from the cmd and usually get in through the bb codes features

How would i know this? One of my friends sites make them..

Yes... I've discovered just 3 days ago one hole in BBCodes, and I should have fixed it. I'm testing the whole things before releasing it as a patch!

Regarding your expertise... do you want to cooperate with us for making XS more secure?

I've made a lot of test but the .htaccess code is deleted again

I'm considering to use the cache process to creata the two files at the end of process for empting the cache.

(on my server I can deny access to the directory on httpd.conf)

Antonio Mercurio wrote: [View Post]

I've made a lot of test but the .htaccess code is deleted again

I'm considering to use the cache process to creata the two files at the end of process for empting the cache.

(on my server I can deny access to the directory on httpd.conf)

Did you try setting HTACCESS permissions to 555?

Mighty Gorgon wrote: [View Post]

Antonio Mercurio wrote: [View Post]

I've made a lot of test but the .htaccess code is deleted again

I'm considering to use the cache process to creata the two files at the end of process for empting the cache.

(on my server I can deny access to the directory on httpd.conf)

Did you try setting HTACCESS permissions to 555?

Yes .. I think that the user WEB can override the chmod setting (maybe is set as a near admin).
I'm going to write in httpd.conf a directive for that directory.

I mean: in my webspace the process made by Apache is owned by the user WEB

(I'm also considering to migrate the cache in a directory inside cache so the .htaccess will be a level up related to the cached directory)

The stranghe thing is that another modded that uses part of the sistem cache doesn't remove the index and the .htaccess

What is strange is that the function EMPTY CACHE of eXtreme Style doesn't delete the HTACCESS... it should be some other function...

I'll look into it and let you know.

Mighty Gorgon wrote: [View Post]

What is strange is that the function EMPTY CACHE of eXtreme Style doesn't delete the HTACCESS... it should be some other function...

I'll look into it and let you know.

I think is the cache system of IM portal but only the pseudo cron setting that clear the directory.
I'm hunting the ,htacces killer

I should have fixed this in dev package...

Try replacing this files in includes.