Posted on: 10/19/03 01:17am
By: Nezz
Sometime today a person ERASED my site! My host (powweb.com) has suggested that it may be a vulnerability in the CMS (geeklog). They referred me to this link.
http://www.securitytracker.com/alerts/2003/Sep/1007828.html[*1]
Could this be? I hope not. I love geeklog. But if you want to see what was left when they were done go here[*2].
Re:My geeklog site is gone :(
Posted on: 10/19/03 04:12am
By: Dirk
Which version of Geeklog were you running before this happened?
The issues you were pointed to have been discussed at length here[*3] and if they're even valid, they certainly can't be used to remove files from your webspace.
Also, were you running any add-ons, such as Gallery? That, too, has had security issues in the past.
bye, Dirk
Re:My geeklog site is gone :(
Posted on: 10/19/03 06:45am
By: drshakagee
I use powweb too and they often pass the buck to anyone but themselves and when it's found to be their problem they will delete forum threads that talk about it. Most likely they have a security issue where someone got your ftp password from ops.powweb.com and erased your site with that. Also they limit your sql select statements which isn't a problem until your site gets big and then they will shut your site down for an hour with no notice at all. I couldn't recommend them to anyone and once my contract runs out I am switching to a much more friendly host.
Re:My geeklog site is gone :(
Posted on: 10/19/03 06:47am
By: jkuperus
the reset password issue was valid
the forum userlist sorting issue was valid
the shoutbox xss issue was valid
the forum xss issue was valid
all 4 of these could lead to administrative access to your blog
Are you disputing this? If so I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process
Anyway it's unlikely that people used this to totally wipe your site, as they basically give you control over the application, not the underlying system, although I am not very familiar with geeklog, maybe you can upload php stuff somewhere in the administrative section, then you'd be screwed, maybe you were running mysql 4.1 and it has some new nifty functions that allow you to wipe stuff
but again I would say it's improbable
just to be on the safe side of things you'll probably want to stay clear of insecure products like geeklog
--
and now how do I stop these mail notifies for every new thread, gawd this is annoying
Re:My geeklog site is gone :(
Posted on: 10/19/03 07:31am
By: Dirk
[QUOTE BY= jkuperus] Are you disputing this? If so I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process[/QUOTE]
None of the alleged SQL injections originally reported by Lorenzo for Geeklog itself were valid. They caused SQL errors, yes, but that's about it.
The password issue was found by someone else and is so far the only known case of a successful exploit based on SQL injections in Geeklog itself. The forum issue only existed on this site as it only affected an unreleased version of the Forum. We have confirmed the Forum XSS (i.e. injection of Javascript) and Shoutbox issues.
I would be interested to hear what you found that Lorenzo's reported issues such as
http://[TARGET]/index.php?topic=te'st/[SQL INJECTION CODE]
can cause in Geeklog.
[QUOTE BY= jkuperus]Anyway it's unlikely that people used this to totally wipe your site.[/QUOTE]
Exactly.
[QUOTE BY= jkuperus]but again I would say it's improbable
just to be on the safe side of things you'll probably want to stay clear of insecure products like geeklog[/QUOTE]
Before jumping to such conclusions, maybe we should wait until we have more information on the exact circumstances, don't you think?
[QUOTE BY= jkuperus]and now how do I stop these mail notifies for every new thread, gawd this is annoying[/QUOTE]
Go to the forum options (from your user functions block) and select "subscriptions".
bye, Dirk
Re:My geeklog site is gone :(
Posted on: 10/21/03 01:37am
By: destr0yr
Dirk, if you lived in Canada I'd buy you a beer.
Re:My geeklog site is gone :(
Posted on: 10/21/03 09:41am
By: DTrumbower
[QUOTE BY= destr0yr] Dirk, if you lived in Canada I'd buy you a beer. [/QUOTE]
He does accept paypal. And his beer tastes better.
Re:My geeklog site is gone :(
Posted on: 10/21/03 09:51am
By: destr0yr
[QUOTE BY= DTrumbower] He does except paypal. And his beer tastes better.[/QUOTE]
I was waiting for this reply.
btw, shoulda used "accept", not "except"
Re:My geeklog site is gone :(
Posted on: 10/21/03 10:13am
By: DTrumbower
btw, shoulda used "accept", not "except"
Always a darn grammar police in the group. ( I changed it, thanks)
Re:My geeklog site is gone but it's not geeklog's fault..
Posted on: 10/22/03 07:17pm
By: Nezz
I want to start by giving my apologies to Dirk. Geeklog was not the culprit on my recent website annihilation. I have confirmed with my webhost (powweb) that there was an inode corruption on the hard drive that contained my site and that the system (BSD) deleted my user folder when it rebuilt the inode index.
My apologies Dirk. Geeklog is a great CMS and I should not have jumped to such a quick conclusion when the shat hit the fan. Sorry man!
drshakagee was right to put the blame where it belongs and that is with the webhost powweb. They did fess up and admit it was their problem but now I'm all paranoid that it will happen again. This would not be such a big deal but I have over 9,000 files (most are pictures) in my site and uploading them and fixing permissions is a beeatch.....
thanks for the advice drshakagee.. I too will be searching for a new host when this contract is up.
Cheers!
Steve
Re:My geeklog site is gone :(
Posted on: 10/25/03 02:05pm
By: destr0yr
[QUOTE BY= Nezz] My apologies Dirk. Geeklog is a great CMS and I should not have jumped to such a quick conclusion when the shat hit the fan. Sorry man![/QUOTE]
Good saying (or at least I like it):
"Assumption is the mother of foo-bars" - exchange foo-bar with the appropriate colourful-language version if necessary