Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 05:28 pm EDT

Geeklog Forums

My geeklog site is gone :(


Status: offline

Nezz

Forum User
Newbie
Registered: 08/08/03
Posts: 5
angry
Sometime today a person ERASED my site! My host (powweb.com) has suggested that it may be a vulnrability in the CMS (geeklog). The refered me to this link.

http://www.securitytracker.com/alerts/2003/Sep/1007828.html

Could this be? I hope not. I love geeklog. But if you want to see what was left when they were done go here.
----------------------------------
Building the better weapon....
----------------------------------

Steve
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Which version of Geeklog were you running before this happened?

The issues you were pointed to have been discussed at length here and if they're even valid, the certainly can't be used to remove files from your webspace.

Also, were you running any add-ons, such as Gallery? That, too, has had security issues in the past.

bye, Dirk
 Quote

Status: offline

drshakagee

Forum User
Full Member
Registered: 10/01/03
Posts: 231
I use powweb too and they often pass the buck to anyone but themselves and when its found to be their problem they will delete forum threads that talk about it. Most likely they have a security issue where someone got your ftp password from ops.powweb.com and erased your site with that. Also they limit your sql select statements which isn't a problem until your site gets big and then they will shut your site down for an hour with no notice at all. I couldn't recommend them to anyone and once my contract runs out I am switching to a much more friendly host.
Yes I am mental.
 Quote

Status: offline

jkuperus

Forum User
Newbie
Registered: 10/06/03
Posts: 1
he reset password issue was valid
the forum userlist sorting issue was valid
the shoutbox xss issue was valid
the forum xss issue was valid

all 4 of these could lead to administrative access to your blog
Are you disputing this ? if so i'd like to hear your arguments and i'll dismiss each and everyone of them with ease and make you look like a fool in the process

Anyway its unlikely that people used this to totally whipe your site. as they basicly give you control over the application, not the underlying system, although I am not very famiar with geeklog, maybe you can upload php stuff somewhere in the administrative section, then you'd be screwed, maybe your where running mysql 4.1 and it has some new nifty functions that allow you to whipe stuff

but again I would say it's improbable
just to be on the save side of things you'll probably want to stay clear of insecure products like geeklog

--
and now how do i stop these mail notifies for every new thread, gawd this is anoying
"&'
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by jkuperus: Are you disputing this ? if so i'd like to hear your arguments and i'll dismiss each and everyone of them with ease and make you look like a fool in the process

None of the alleged SQL injections originally reported by Lorenzo for Geeklog itself were valid. They caused SQL errors, yes, but that's about it.

The password issue was found by someone else and is so far the only known case of a successful exploit based on SQL injections in Geeklog itself. The forum issue only existed on this site as it only affected an unreleased version of the Forum. We have confirmed the Forum XSS (i.e. injection of Javascript) and Shoutbox issues.

I would be interested to hear what you found that Lorenzo's reported issues such as
http://[TARGET]/index.php?topic=te'st/[SQL INJECTION CODE] can cause in Geeklog.


Quote by jkuperus:Anyway its unlikely that people used this to totally whipe your site.

Exactly.

Quote by jkuperus:but again I would say it's improbable
just to be on the save side of things you'll probably want to stay clear of insecure products like geeklog

Before jumping to such conclusions, maybe we should wait until we have more information on the exact circumstances, don't you think?

Quote by jkuperus:and now how do i stop these mail notifies for every new thread, gawd this is anoying

Go to the forum options (from your user functions block) and select "subscriptions".

bye, Dirk
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Dirk, if you lived in Canada I'd buy you a beer. Mr. Green
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

Status: offline

DTrumbower

Forum User
Moderator
Registered: 01/08/03
Posts: 507
Quote by destr0yr: Dirk, if you lived in Canada I'd buy you a beer. Mr. Green


He does accept paypal. Big Grin And his beer tastes better.
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by DTrumbower: He does except paypal. Big Grin And his beer tastes better.

I was waiting for this reply.

btw, shoulda used "accept", not "except" Wink

-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

Status: offline

DTrumbower

Forum User
Moderator
Registered: 01/08/03
Posts: 507
btw, shoulda used "accept", not "except"


Always a darn grammar police in the group. Oops! ( I changed it, thanks)
 Quote

Status: offline

Nezz

Forum User
Newbie
Registered: 08/08/03
Posts: 5
embarrassed
I want start by giving my apologies to Dirk. Geeklog was not the culprit on my recent website annihilation. I have confirmed with my webhost (powweb) that there was an inode corruption on the hard drive that contained my site and that the system (BSD) deleted my user folder when it rebuilt the inode index.

My apologies Dirk. Geeklog is a great CMS and I should not of jumped to such a quick conclusion when the shat hit the fan. Sorry man!

drshakagree was right to put the blame where it belongs and that is with the webhost powweb. They did fess up and admit it was their problem but now I'm all paranoid that it will happen again. This would not be such a big deal but I have over 9,000 files (most are pictures) in my site and uploading them and fixing permissions is a beeatch.....

thanks for the advice drshakagree.. I too will be searching for new host when this contract is up.

Cheers!

Steve
----------------------------------
Building the better weapon....
----------------------------------

Steve
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by Nezz: My apologies Dirk. Geeklog is a great CMS and I should not of jumped to such a quick conclusion when the shat hit the fan. Sorry man!

Good saying (or at least i like it):
"Assumption is the mother of foo-bars" - exchange foo-bar with the appropriate colourful-language version if necessary Twisted Evil
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

All times are EDT. The time is now 05:28 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content