someone is trying and trying to introduce a web inside my web to simulate a bank web to make pishing...
I need to know if this is possible to some parameters that i had configured or if it is possible by a bug of zikula. How can i to avoid this?
--
www.ahorradores.net
Watch
GitHub Core
Show your support for Zikula! Sign up at Github account and watch the Core project!
GitHub Modules
Forum Activity
- krator responded to »Multiple Errors Migrating Dizkus 3,1 to Dizkus 3.2« 18. Jun
- mikebcoffee created topic »Convert modules to 'Gettext'« 18. Jun
- rgasch responded to »Zikula: Not Ready for Prime Time?« 18. Jun
- trichers created topic »Mobile Theme html5 and link with tel:« 18. Jun
- espaan responded to »Interesting jQuery Javascript projects...« 17. Jun
- incasas responded to »Migrating Postcalendar 6.2 to Postcalendar 8.0« 17. Jun
- krator responded to »Error converting RATINGS and WEBLINKS« 16. Jun
Login
someone have introduced a web inside my web to simulate a bank web to make pishing
-
- Rank: Registered User
- Registered: Feb 28, 2010
- Last visit: May 18, 2010
- Posts: 44
Posted: Sep 11, 2011 - 04:28 AM
-
- Rank: Helper
- Registered: Dec 31, 1969
- Last visit: May 07, 2010
- Posts: 584
Posted: Sep 11, 2011 - 02:06 PM
The most likely cause by far is that someone has gained ftp or ssh access to your server. Check your logs, you'll likely see the file transfers and login activity. -
- Rank: Registered User
- Registered: Feb 28, 2010
- Last visit: May 18, 2010
- Posts: 44
Posted: Sep 11, 2011 - 05:45 PM
the access log folder is empty...maybe the hacker has desactivated it? My hosting says that it is a security bug of zikula... this is the 3 time that happen, when that happened in june y formated my computer installed UBUNTU and changed my ftp password but the problem still is happening... How it is possible to install inside of the htdocs a complete web of pisshing through zikula? it is so easy to attack zikula?
maybe the guilty of my problem is my hosting????
I need to solve this, it is a serious problem
--
www.ahorradores.net -
- Rank: Developer
- Registered: Sep 22, 2005
- Last visit: May 20, 2010
- Posts: 296
Posted: Sep 11, 2011 - 11:29 PM
Either htdocs are writeable by the web server software, which it shouldn't be, or they have your ftp/ssh login information. Those are the only options.
The only Zikula directores that should be writeable are under pnTemp (or ztemp, depending on the version), which should have a .htaccess file that disallows .html files.
In short, if Zikula is installed properly it's not happening through Zikula.
if access_log is empty then you really have a problem. -
- Rank: Registered User
- Registered: Feb 28, 2010
- Last visit: May 18, 2010
- Posts: 44
Posted: Sep 12, 2011 - 01:09 AM
hello ccandreva, thanks for answer... why if access_log is empty i have a problem?
--
www.ahorradores.net -
- Rank: Helper
- Registered: Dec 31, 1969
- Last visit: May 07, 2010
- Posts: 584
Posted: Sep 12, 2011 - 01:50 AM
Not necessarily. Look at your server configuration and see where the log is configured to be. You may be looking in the wrong place. It's also possible (but strange) that the access log is disabled.
If the host persists in blaming Zikula, make them tell you what function is insecure, or make them show you the security alert that says there's a problem. They are just passing the buck... -
- Rank: Developer
- Registered: Aug 23, 2003
- Last visit: May 31, 2010
- Posts: 1668
Posted: Sep 12, 2011 - 07:05 PM
Do you have "special" things installed like Xinha plugins or for example Gallery2 plugins? Somewhere in the past I was hacked through a gallery2 plugin that I was not using. And some xinha plugins (like extendedfilemanager) are more vulnerable.
--
campertoday.nl, Module development, Dutch Zikula Community -
- Rank: Registered User
- Registered: Feb 28, 2010
- Last visit: May 18, 2010
- Posts: 44
Posted: Sep 12, 2011 - 07:18 PM
hello, thanks very much to help me... yes i have scribite(xinha) but i have the last version instaled. I will take a look to the configuration....but i would like to know how did you found that the problem come by that modules? i am blind because i cannot to discover where is the hole.
--
www.ahorradores.net -
- Rank: Team Member
- Registered: May 03, 2004
- Last visit: May 31, 2010
- Posts: 515
Posted: Sep 12, 2011 - 10:11 PM
If your hoster blames Zikula for the security problem, he has to proof that with relevant parts of logs. Without them there is no way to find & fix anything. All similar cases so far have turned out to be based on outdated server operating systems with well known security holes, or compromised user/root accounts.
Greetings,
Chris
--
an operating system must operate
development is life
my repo -
- Rank: Team Member
- Registered: Mar 15, 2004
- Last visit: May 26, 2010
- Posts: 129
Posted: Sep 12, 2011 - 10:56 PM
If you are on a shared host, then it is possible that another website that is hosted on the same server has been hacked, instead of yours. Also, if you both share the same IP address, then it may "seem" that it is your site that is the cause of the hack, when in fact it is that other site.
So, your web host should look into other sites which may share the same IP address as yours. -
- Rank: Developer
- Registered: Sep 22, 2005
- Last visit: May 20, 2010
- Posts: 296
Posted: Sep 13, 2011 - 03:52 AM
Even on a shared host, other web sites should not have write access to his web root ! -
- Rank: Team Member
- Registered: Mar 15, 2004
- Last visit: May 26, 2010
- Posts: 129
Posted: Sep 13, 2011 - 03:59 AM
If the server itself is insecure to begin with, then it is possible. -
- Rank: Registered User
- Registered: Feb 28, 2010
- Last visit: May 18, 2010
- Posts: 44
Posted: Sep 15, 2011 - 02:30 PM
by my part i have upgraded all the modules to the last version. the only ones that i have not installed yet are News and dizkus, because i have found bugs when i have tryied in zikula 1.2.8.(i have posted the problems in the forum).
now i only can to pray to hope that the mafia hacker forget my web.
--
www.ahorradores.net
- Moderated by:
- Support
