About
I love trying out new things, especially when it comes to internet technology. I never really kept a journal, but it's something that I've always wanted to do. Now, everybody will get a chance to look inside my twisted, and somewhat-warped mind.
I've also subscribed to Audio Blog, so a few times a week, I'll leave actual voice blogs. Very cool!
Friday, May 02, 2003
My Photo Albums
On April 28, 2003, I got a distribution email from Mike Bobbit, the writer of the photo album software, that hackers have exploited a weakness within the album.pl file. I should have heeded his warning. A few days later, I got a personal email from him stating the same. He was rightfully concerned, since my photo albums are listed as the second "benchmark" albums on his site. So last night, I FTP'ed into my site to add the fix to the album.pl file. Once I got in, I noticed a few "rogue" files that I did not place on my server. There was a directory called "bnc" with a PHP shell command that allowed a hacker to basically do anything they wanted to my server, including deleting files. I also noticed a text file that set up permissions to the server that bypassed any authentication to the server. I basically shit my drawers, since I have put several hundred hours into dinofilias.com... maybe more with all the photos and videos. Therefore, to be safe, I deleted all the rogue files (Peter helped with this via telnet, since some of the files I couldn't even delete), and I also disabled the entire album application. Thinking back to a few days ago, I do remember a user from the Netherlands attempting to get a login to the BB. The nice thing about album.pl is that it ties into the BB authentication. However, album.pl is a little weak, since it only looks to see if there's a member in the member database... it does not look to see if they have been granted access to post. So this A-hole actually uploaded an image, even without BB clearance. I just deleted the picture, and deleted his unapproved user account. I hope dinofilias.com is the only domain that was affected. However, I think with the files that the hacker uploaded, he could have had control over the whole server. Scary, since we have customers that reside on our server. I tried applying the fix to the album.pl file, but for some reason, the Perl file wouldn't execute... the browser would think that the file is trying to be downloaded. I'm not sure if this is a server-wide problem, or a problem with the fix. Therefore, I'm going to install album.pl version 6.2, which is going to take me a looooooong time, since I have to mess with new templates and new CSS files. I'm pissed. If I didn't have a job, and I was rich, I would dedicate my life to finding this person. If I found this person's address, I would make a trip to the Netherlands and hunt him down like an animal. Unfortunately, I have a job, and a vigilante trip to the Netherlands isn't in my life plan. Hopefully I removed all the rogue files and the site is secure. I will need to apply the fix to www.techtau.com, since that album is currently unprotected. The only thing that is saving me right now is that site is pretty much private, but it probably won't be long before it gets hacked. I guess I have some work ahead of me.
posted by Dino at 8:39 AM (permanent link)
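The weakness described in the post, an upload gate that accepts anyone who merely exists in the board's member table instead of anyone the board has actually approved to post, is illustrated below. This is an added example, not code from album.pl or from Mike Bobbit's project; the member table, the `approved` field and the function names are constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration (hypothetical, not album.pl's real code): the weak
# "is there a member record?" check beside a check that also requires the
# account to have been approved for posting, which is what the board itself
# enforces before letting a user post.
use strict;
use warnings;

# Constructed sample member table standing in for the BB member database.
# 'approved' is an assumed field name for "granted access to post".
my %members = (
    'dino'    => { approved => 1 },
    'visitor' => { approved => 0 },   # registered, never cleared to post
);

# Weak check: any row in the member table is enough to allow an upload.
sub can_upload_weak {
    my ($user) = @_;
    return exists $members{$user} ? 1 : 0;
}

# Hardened check: the account must exist AND carry the approved flag.
# Everything else is denied and logged so the rejection is visible later.
sub can_upload_strict {
    my ($user) = @_;
    my $m = $members{$user};
    if ($m && $m->{approved}) {
        return 1;
    }
    print STDERR scalar(localtime), " upload denied for '$user'\n";
    return 0;
}

# dino    weak=1 strict=1
# visitor weak=1 strict=0   <- the gap the post describes
# nobody  weak=0 strict=0
for my $user (qw(dino visitor nobody)) {
    printf "%-8s weak=%d strict=%d\n", $user,
        can_upload_weak($user), can_upload_strict($user);
}
```

The only difference between the two functions is that the strict one consults the same approval state the board uses for posting rights, so an account that was registered but never approved (the "visitor" row) cannot upload through the album either.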