Nezz

Forum User
Newbie
Registered: 08/08/03
Posts: 5
Sometime today a person ERASED my site! My host (powweb.com) has suggested that it may be a vulnerability in the CMS (Geeklog). They referred me to this link.

http://www.securitytracker.com/alerts/2003/Sep/1007828.html

Could this be? I hope not. I love geeklog. But if you want to see what was left when they were done go here.
----------------------------------
Building the better weapon....
----------------------------------

Steve

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Which version of Geeklog were you running before this happened?

The issues you were pointed to have been discussed at length here and, if they're even valid, they certainly can't be used to remove files from your webspace.

Also, were you running any add-ons, such as Gallery? That, too, has had security issues in the past.

bye, Dirk

drshakagee

Forum User
Full Member
Registered: 10/01/03
Posts: 231
I use powweb too and they often pass the buck to anyone but themselves, and when it's found to be their problem they will delete forum threads that talk about it. Most likely they have a security issue where someone got your FTP password from ops.powweb.com and erased your site with that. Also they limit your SQL select statements, which isn't a problem until your site gets big, and then they will shut your site down for an hour with no notice at all. I couldn't recommend them to anyone and once my contract runs out I am switching to a much more friendly host.
Yes I am mental.

jkuperus

Forum User
Newbie
Registered: 10/06/03
Posts: 1
The reset password issue was valid.
The forum userlist sorting issue was valid.
The shoutbox XSS issue was valid.
The forum XSS issue was valid.

All 4 of these could lead to administrative access to your blog.
Are you disputing this? If so, I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process.

Anyway, it's unlikely that people used this to totally wipe your site, as they basically give you control over the application, not the underlying system. Although I am not very familiar with Geeklog, maybe you can upload PHP stuff somewhere in the administrative section, then you'd be screwed; maybe you were running MySQL 4.1 and it has some new nifty functions that allow you to wipe stuff.

But again, I would say it's improbable.
Just to be on the safe side of things, you'll probably want to stay clear of insecure products like Geeklog.

--
And now how do I stop these mail notifies for every new thread? Gawd, this is annoying.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Quote by jkuperus: Are you disputing this? If so, I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process.

None of the alleged SQL injections originally reported by Lorenzo for Geeklog itself were valid. They caused SQL errors, yes, but that's about it.

The password issue was found by someone else and is so far the only known case of a successful exploit based on SQL injections in Geeklog itself. The forum issue only existed on this site as it only affected an unreleased version of the Forum. We have confirmed the Forum XSS (i.e. injection of Javascript) and Shoutbox issues.

I would be interested to hear what you found that Lorenzo's reported issues such as
http://[TARGET]/index.php?topic=te'st/[SQL INJECTION CODE] can cause in Geeklog.


Quote by jkuperus: Anyway, it's unlikely that people used this to totally wipe your site.

Exactly.

Quote by jkuperus: But again, I would say it's improbable.
Just to be on the safe side of things, you'll probably want to stay clear of insecure products like Geeklog.

Before jumping to such conclusions, maybe we should wait until we have more information on the exact circumstances, don't you think?

Quote by jkuperus: And now how do I stop these mail notifies for every new thread? Gawd, this is annoying.

Go to the forum options (from your user functions block) and select "subscriptions".

bye, Dirk

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Dirk, if you lived in Canada I'd buy you a beer.
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams

DTrumbower

Forum User
Moderator
Registered: 01/08/03
Posts: 507
Quote by destr0yr: Dirk, if you lived in Canada I'd buy you a beer.

He does accept PayPal. And his beer tastes better.

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by DTrumbower: He does except paypal. And his beer tastes better.

I was waiting for this reply.

btw, shoulda used "accept", not "except"

-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams

DTrumbower

Forum User
Moderator
Registered: 01/08/03
Posts: 507
Quote by destr0yr: btw, shoulda used "accept", not "except"

Always a darn grammar police in the group. (I changed it, thanks)

Nezz

Forum User
Newbie
Registered: 08/08/03
Posts: 5
I want to start by giving my apologies to Dirk. Geeklog was not the culprit in my recent website annihilation. I have confirmed with my webhost (powweb) that there was an inode corruption on the hard drive that contained my site and that the system (BSD) deleted my user folder when it rebuilt the inode index.

My apologies, Dirk. Geeklog is a great CMS and I should not have jumped to such a quick conclusion when the shat hit the fan. Sorry man!

drshakagee was right to put the blame where it belongs, and that is with the webhost powweb. They did fess up and admit it was their problem, but now I'm all paranoid that it will happen again. This would not be such a big deal, but I have over 9,000 files (most are pictures) on my site and uploading them and fixing permissions is a beeatch.....

Thanks for the advice drshakagee.. I too will be searching for a new host when this contract is up.

Cheers!

Steve
----------------------------------
Building the better weapon....
----------------------------------

Steve

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by Nezz: My apologies, Dirk. Geeklog is a great CMS and I should not have jumped to such a quick conclusion when the shat hit the fan. Sorry man!

Good saying (or at least I like it):
"Assumption is the mother of foo-bars" - exchange foo-bar with the appropriate colourful-language version if necessary.
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams