
someone has introduced a web inside my web to simulate a bank web to make phishing

  • someone is trying and trying to introduce a web inside my web to simulate a bank web to make phishing...

    I need to know if this is possible because of some parameters that I had configured, or if it is possible through a bug in Zikula. How can I avoid this?

  • The most likely cause by far is that someone has gained ftp or ssh access to your server. Check your logs, you'll likely see the file transfers and login activity.
  • the access log folder is empty... maybe the hacker has deactivated it? My hosting says that it is a security bug of Zikula... This is the third time this has happened. When it happened in June I formatted my computer, installed Ubuntu and changed my FTP password, but the problem is still happening... How is it possible to install a complete phishing web inside htdocs through Zikula? Is it so easy to attack Zikula?
    Maybe the culprit of my problem is my hosting????

    I need to solve this, it is a serious problem

  • Either htdocs is writable by the web server software, which it shouldn't be, or they have your FTP/SSH login information. Those are the only options.

    The only Zikula directories that should be writable are under pnTemp (or ztemp, depending on the version), which should have a .htaccess file that disallows .html files.

    In short, if Zikula is installed properly it's not happening through Zikula.

    If access_log is empty then you really have a problem.
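    The two checks in the answer above can be scripted. The script below is an added example and is not code from the thread, from ccandreva or from Zikula: it lists everything under a document root that is writable by "other" (the simplest sign that the web server process, or any other user on a shared host, could drop files there) while skipping the ztemp/pnTemp directory the post says is expected to be writable, and it reports whether that temp directory carries a .htaccess mentioning html. The sample layout it builds under mktemp is constructed for the demonstration; point the functions at a real document root instead.

```shell
#!/bin/sh
# Added example, not code from the thread or from Zikula: audit a Zikula
# document root for the two conditions ccandreva names. The directory names
# (ztemp/pnTemp) come from the post; the sample layout below is constructed.

# Print every path under $1 that is writable by "other" (mode bit o+w),
# skipping the temp directory Zikula is expected to write into. Anything
# listed here is a place where files can appear without anyone needing
# your FTP/SSH password.
find_world_writable() {
    docroot="$1"
    find "$docroot" \( -path "$docroot/ztemp" -o -path "$docroot/pnTemp" \) -prune \
        -o -perm -002 -print | LC_ALL=C sort
}

# Report on the .htaccess that should guard the writable temp dir $1:
# OK (present and mentions html), MISSING, or NO_HTML_RULE.
check_temp_htaccess() {
    tmpdir="$1"
    if [ ! -f "$tmpdir/.htaccess" ]; then
        echo MISSING
    elif grep -qi 'html' "$tmpdir/.htaccess"; then
        echo OK
    else
        echo NO_HTML_RULE
    fi
}

# Build a constructed sample document root: sane permissions everywhere
# except one upload directory left world-writable. Prints the root path.
make_sample_root() {
    sample=$(mktemp -d)
    mkdir -p "$sample/config" "$sample/modules/Scribite/upload" "$sample/ztemp"
    : > "$sample/index.php"
    : > "$sample/config/config.php"
    chmod 755 "$sample" "$sample/config" "$sample/modules" "$sample/modules/Scribite"
    chmod 644 "$sample/index.php" "$sample/config/config.php"
    chmod 777 "$sample/ztemp"                    # expected: Zikula's temp dir
    chmod 777 "$sample/modules/Scribite/upload"  # the kind of finding to fix
    printf '<FilesMatch "\\.html?$">\n  Deny from all\n</FilesMatch>\n' \
        > "$sample/ztemp/.htaccess"
    echo "$sample"
}

# Stand-alone run: audit the sample root, then clean it up.
demo_root=$(make_sample_root)
echo "World-writable outside the temp dir:"
find_world_writable "$demo_root"
echo "Temp dir .htaccess: $(check_temp_htaccess "$demo_root/ztemp")"
rm -rf "$demo_root"
```

    The o+w test is only the cheapest check. On many shared hosts the web server runs as the same account that owns the files (or as a group member), so a clean result here does not prove the web server cannot write; compare the owner and group shown by `ls -l` against the user the web server runs as to cover that case.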
  • hello ccandreva, thanks for answering... why do I have a problem if access_log is empty?

  • Not necessarily. Look at your server configuration and see where the log is configured to be. You may be looking in the wrong place. It's also possible (but strange) that the access log is disabled.

    If the host persists in blaming Zikula, make them tell you what function is insecure, or make them show you the security alert that says there's a problem. They are just passing the buck...
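    "Look at your server configuration and see where the log is configured to be" is a concrete step. The script below is an added example, not code from the thread or from any Apache tooling: it pulls every ErrorLog/CustomLog/TransferLog directive out of a directory of Apache *.conf files (including vhost includes, skipping commented-out lines) and then classifies each referenced file as missing, empty, or a line count. The configuration tree it creates is constructed for the demonstration; on a real server pass the actual config directory (for example /etc/apache2 or /etc/httpd).

```shell
#!/bin/sh
# Added example, not code from the thread: find out where the web server is
# actually configured to write its logs, rather than assuming the ./logs
# folder in the web root is it. The config tree built below is constructed.

# Print "<directive> <path>" for each ErrorLog/CustomLog/TransferLog line in
# the *.conf files under $1. Commented-out lines (first field "#...") are
# skipped and quotes around the path are stripped. Apache resolves relative
# paths against ServerRoot and ${VAR} tokens against its own environment,
# so such entries still need a second look by hand.
list_log_directives() {
    find "$1" -type f -name '*.conf' -exec cat {} + |
    awk '$1 == "ErrorLog" || $1 == "CustomLog" || $1 == "TransferLog" {
             gsub(/"/, "", $2); print $1, $2 }' |
    LC_ALL=C sort -u
}

# Classify a log path: missing, empty, or "<n> lines". An empty or missing
# access log on a site that is plainly being visited is itself a finding.
log_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    else
        echo "$(wc -l < "$1" | tr -d ' ') lines"
    fi
}

# Constructed sample config: a main file plus a vhost include, with one
# commented-out directive that must be ignored.
make_sample_conf() {
    conf=$(mktemp -d)
    mkdir -p "$conf/sites-enabled"
    cat > "$conf/httpd.conf" <<'EOF'
ServerRoot "/etc/apache2"
ErrorLog "/var/log/apache2/error.log"
CustomLog ${APACHE_LOG_DIR}/access.log combined
# CustomLog /tmp/old_access.log combined
IncludeOptional sites-enabled/*.conf
EOF
    cat > "$conf/sites-enabled/example.conf" <<'EOF'
<VirtualHost *:80>
    DocumentRoot /srv/www/example/htdocs
    CustomLog /srv/www/example/logs/access_log combined
</VirtualHost>
EOF
    echo "$conf"
}

# Stand-alone run: list the directives in the sample config and check each path.
demo_conf=$(make_sample_conf)
list_log_directives "$demo_conf" | while read -r directive path; do
    echo "$directive $path -> $(log_status "$path")"
done
rm -rf "$demo_conf"
```

    When the output shows a path that exists but reports "empty" while the site is live, either logging is disabled or the file was truncated; the host can answer which, and that answer is far more useful than a blanket claim that the CMS is at fault.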
  • Do you have "special" things installed like Xinha plugins or for example Gallery2 plugins? Somewhere in the past I was hacked through a gallery2 plugin that I was not using. And some xinha plugins (like extendedfilemanager) are more vulnerable.

    --, Module development, Dutch Zikula Community
  • hello, thanks very much for helping me... yes, I have Scribite (Xinha) but I have the latest version installed. I will take a look at the configuration... but I would like to know how you found that the problem came from those modules? I am blind because I cannot discover where the hole is.

  • If your hoster blames Zikula for the security problem, he has to prove that with the relevant parts of the logs. Without them there is no way to find & fix anything. All similar cases so far have turned out to be based on outdated server operating systems with well-known security holes, or compromised user/root accounts.

    an operating system must operate
    development is life
    my repo
  • If you are on a shared host, then it is possible that another website that is hosted on the same server has been hacked, instead of yours. Also, if you both share the same IP address, then it may "seem" that it is your site that is the cause of the hack, when in fact it is that other site.

    So, your web host should look into other sites which may share the same IP address as yours.
  • Even on a shared host, other web sites should not have write access to his web root!
  • If the server itself is insecure to begin with, then it is possible.
  • For my part, I have upgraded all the modules to the latest version. The only ones that I have not installed yet are News and Dizkus, because I found bugs when I tried them in Zikula 1.2.8 (I have posted the problems in the forum).

    Now I can only pray and hope that the mafia hacker forgets my web.
