Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I may have been cracked. yippee!



i've just looked over the xoops specific files and there's lots of 
failed email attempts, lot's of failed upload errors, automated attacks 
on modules i didn't even have installed and attacks on modules i do have 
installed.

also found this:
XOOPS Multiple Module Spaw_Control.Class.PHP Remote File Include 
Vulnerability
from: http://www.securityfocus.com/bid/24302/info

they already know about it at xoops.org but i would wager there's 
hundreds of vulnerable websites out there.  easy pickings.

i've finally got off my butt and deleted that cms from my server.

this brings me to my next question, are there any php / perl based cms's 
out there that have some type of automatic update or security alert 
feature?  how about one that also includes updates for modules?  now 
that even grandma can install a cms it would seem such a feature would 
be very beneficial.

eric c.  slightly tampered with but not really cracked. (yet)

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org