phpBB 3.0.7 security vulnerability

March 6, 2010 · Filed Under Site and Server Security

Recently, phpBB 3.0.7 was released by phpbb.com. The phpBB team then discovered a security vulnerability that was introduced in the 3.0.7 version and was not noticed during testing. The following is the original announcement:

——————————————————————
We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7; unfortunately the issue wasn’t noticed during testing and has only surfaced a week after the release of 3.0.7.

We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise – a critical bug in the permission handling for feeds slipped past. To all people who have already updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user – or one of the groups they are a member of – has forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected

The fix for the issue is a single-line change inside feed.php; line 525 has changed from:

$forum_ids = array_keys($auth->acl_getf('f_read'));

to:

$forum_ids = array_keys($auth->acl_getf('f_read', true));

There were no other changes, in particular no style or language changes.

——————————————————————
If you are using phpBB 3.0.7, it is strongly recommended to upgrade immediately to phpBB 3.0.7-PL1.
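To show why the second argument matters, here is an added example (not phpBB code) that models my reading of phpBB 3.0's `auth::acl_getf($opt, $clean)` in Python: without `$clean`, every forum that has local permissions is returned, including those where `f_read` is explicitly denied, so `array_keys()` hands the feed query the private forum IDs too. The ACL table and forum numbers are constructed for the illustration.

```python
from typing import Dict, List

# Constructed ACL for one user: forum_id -> {permission: allowed}.
# Forum 2 is the private forum from the announcement: permissions are set, but f_read is denied.
SAMPLE_ACL: Dict[int, Dict[str, bool]] = {
    1: {"f_read": True, "f_reply": True},     # public forum
    2: {"f_read": False, "f_reply": False},   # private forum, explicitly denied
    3: {"f_reply": False},                    # no f_read setting at all
}


def acl_getf(acl: Dict[int, Dict[str, bool]], opt: str, clean: bool = False) -> Dict[int, Dict[str, bool]]:
    """Model (assumption, not phpBB's own code) of acl_getf: with clean=False every forum that
    has local permissions gets an entry mapped to True or False; with clean=True only forums
    where the permission is actually granted are returned."""
    result: Dict[int, Dict[str, bool]] = {}
    for forum_id, perms in acl.items():
        allowed = perms.get(opt, False)
        if not clean:
            result[forum_id] = {opt: allowed}   # present even when allowed is False
        elif allowed:
            result[forum_id] = {opt: True}
    return result


def feed_forum_ids_3_0_7(acl: Dict[int, Dict[str, bool]]) -> List[int]:
    # 3.0.7 line 525:  $forum_ids = array_keys($auth->acl_getf('f_read'));
    # array_keys() keeps the denied forums, so the feed query covers private forums as well.
    return sorted(acl_getf(acl, "f_read"))


def feed_forum_ids_3_0_7_pl1(acl: Dict[int, Dict[str, bool]]) -> List[int]:
    # 3.0.7-PL1:       $forum_ids = array_keys($auth->acl_getf('f_read', true));
    return sorted(acl_getf(acl, "f_read", clean=True))


def leaked_forums(acl: Dict[int, Dict[str, bool]]) -> List[int]:
    """Forums the 3.0.7 feed would expose that the PL1 fix correctly drops."""
    return sorted(set(feed_forum_ids_3_0_7(acl)) - set(feed_forum_ids_3_0_7_pl1(acl)))


if __name__ == "__main__":
    print("3.0.7 feed forums:    ", feed_forum_ids_3_0_7(SAMPLE_ACL))
    print("3.0.7-PL1 feed forums:", feed_forum_ids_3_0_7_pl1(SAMPLE_ACL))
    print("leaked by 3.0.7:      ", leaked_forums(SAMPLE_ACL))
```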

PHP Error Class XsltProcessor not found

February 10, 2010 · Filed Under Web Hosting

If you receive the error “Class ‘XsltProcessor’ not found” on your website, it means that the XSL extension is not installed on your server. You will need to install the PHP XSL extension.

Error: Fatal error: Class ‘XsltProcessor’ not found in /path/to/filename.php on line XXX

Depending on the server platform and operating system, the installation method differs.

If you are using the cPanel control panel, you will need to recompile Apache and PHP to enable this PHP extension.

Links are added automatically in the index page of the website – adsttnmq1/sdioyslkjs2 attack

February 9, 2010 · Filed Under Site and Server Security

Recently I faced a problem with one of the websites in which many links were being added automatically to the index page. The FTP password was reset many times, but that didn’t fix the problem. There were not even any logs of FTP access for this website.

After checking all the files and folders of this website, I found some suspicious files in one folder. Among them was a PHP script, along with other files, which was adding the spam links to the homepage. The script was simply called by the attacker, who passed a text file as a query string.

This is not an attack on the website itself; it seems they were adding the links just to populate their keywords in the search engines. I was not sure from where these malicious files were uploaded, but after removing these files I have not faced the problem again.

Just for information, the link code started with a tag.
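As an added example (not from the post), here is a small heuristic scanner for the pattern described above: a PHP file in the document root that takes a file name from the query string, reads it, and writes into the site's index page. The two PHP samples are constructed fixtures for the scanner, not the files found on that site; the heuristics are mine and will need tuning per site.

```python
import os
import re
from typing import Dict, List

# Heuristics for the pattern in the post: read a file named in the query string, write it into index.*.
INDICATORS = {
    "reads query string": re.compile(r"\$_(GET|REQUEST)\s*\["),
    "opens file or URL from a variable": re.compile(r"\b(file_get_contents|fopen|curl_init)\s*\(\s*\$"),
    "writes to the index page": re.compile(r"\b(file_put_contents|fwrite|fopen)\s*\([^)]*index\.(php|html?)"),
}


def suspicious_indicators(src: str) -> List[str]:
    """Return the names of every heuristic that matches the given PHP source."""
    return [name for name, rx in INDICATORS.items() if rx.search(src)]


def scan_webroot(root: str, min_hits: int = 2) -> Dict[str, List[str]]:
    """Walk a document root and report PHP files matching at least min_hits heuristics."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = suspicious_indicators(fh.read())
            except OSError:
                continue
            if len(hits) >= min_hits:
                findings[path] = hits
    return findings


# Constructed fixtures: a harmless contact form and a script matching the post's description.
BENIGN_SAMPLE = "<?php $name = htmlspecialchars($_POST['name']); mail('me@example.com', 'hi', $name);"
SPAM_SAMPLE = ("<?php $src = $_GET['f']; $links = file_get_contents($src); "
               "file_put_contents('../index.php', $links, FILE_APPEND);")

if __name__ == "__main__":
    print("benign:", suspicious_indicators(BENIGN_SAMPLE))
    print("spam:  ", suspicious_indicators(SPAM_SAMPLE))
    # scan_webroot("/home/user/public_html")  # run against a real document root
```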

Prevent the user nobody from sending email from cPanel server

December 13, 2009 · Filed Under cPanel Hosting Tutorials

If PHP scripts run as the Apache user on a cPanel server, it is difficult to find the responsible account when someone sends a large amount of email via a PHP script, because all such emails are sent as the nobody user. cPanel provides a setting to block emails sent by the nobody user. To enable this option, follow the steps below:

- Login to your WHM.

- Go to Server Configuration -> Tweak Settings.

- Select option “Prevent the user “nobody” from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)” and save it.

Please note that if PHP processes run as the nobody user and you enable the above option, your clients will not be able to send email outside their domains using the PHP mail() function.

Kailash Aghera

WordPress and mod_security2 issues

November 29, 2009 · Filed Under Site and Server Security

ModSecurity is an open source web application firewall. It helps to prevent attacks on websites such as SQL injection, command execution via the browser, etc. However, it may break some applications installed on your website. With ModSecurity 2, you cannot bypass any rule by ID from your .htaccess file.

If your hosting provider has enabled mod_security with Apache, you may face problems posting topics, uploading images, inserting images in posts, etc. Since ModSecurity 2 does not allow bypassing rules by ID via .htaccess, you will have to contact your hosting provider to bypass some rules for your website. ModSecurity provides a facility to bypass rules based on the request location: you will need a global whitelist configuration file that disables certain rules for specific locations.

Recently, I faced a problem uploading and inserting images in posts. After reading some websites, I found some global rules; I bypassed some ModSecurity rules using a global whitelist configuration file, which fixed my problem. The rules that I bypassed are as follows (I have put a space before LocationMatch and /LocationMatch. Remove that space in your configuration file):


< LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/options.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/theme-editor.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-includes/">
SecRuleRemoveById 960010 960012 950006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

Hope this helps others who are facing a similar problem in their WordPress blog with mod_security.

Kailash Aghera
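Before copying a whitelist like the one above, it is worth finding out which rule IDs actually blocked your own wp-admin requests, so the whitelist stays as narrow as possible. The following is an added example (not from the post): it parses the `[id "..."]` and `[uri "..."]` fields that ModSecurity 2 writes into the Apache error log, keeps only "Access denied" events, and emits matching LocationMatch blocks for a global configuration file. The log lines are constructed samples with a made-up hostname and client address.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, Set

# Fields ModSecurity 2 appends to its Apache error-log entries.
RULE_ID = re.compile(r'\[id "([^"]+)"\]')
URI = re.compile(r'\[uri "([^"]+)"\]')


def blocked_rules_by_uri(log_lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Map each blocked URI to the set of rule IDs that fired for it.
    Only 'Access denied' events count; 'Warning' entries did not block anything."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in log_lines:
        if "ModSecurity: Access denied" not in line:
            continue
        rid, uri = RULE_ID.search(line), URI.search(line)
        if rid and uri:
            hits[uri.group(1)].add(rid.group(1))
    return dict(hits)


def render_whitelist(hits: Dict[str, Set[str]]) -> str:
    """Emit one LocationMatch block per blocked URI, for a global config file
    (ModSecurity 2 ignores SecRuleRemoveById in .htaccess). Dots are escaped
    because LocationMatch takes a regular expression."""
    blocks = []
    for uri in sorted(hits):
        ids = " ".join(sorted(hits[uri]))
        blocks.append(f'<LocationMatch "{uri.replace(".", chr(92) + ".")}">\n'
                      f'    SecRuleRemoveById {ids}\n</LocationMatch>')
    return "\n\n".join(blocks)


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '[Sun Nov 29 10:12:01 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 '
    '(phase 2). Pattern match "..." at ARGS:content. [id "950907"] [msg "System Command Injection"] '
    '[hostname "blog.example"] [uri "/wp-admin/post.php"] [unique_id "constructed-1"]',
    '[Sun Nov 29 10:12:05 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 '
    '(phase 2). Pattern match "..." at ARGS:content. [id "960008"] [msg "Request Missing a Host Header"] '
    '[hostname "blog.example"] [uri "/wp-admin/post.php"] [unique_id "constructed-2"]',
    '[Sun Nov 29 10:13:40 2009] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "..." '
    '[id "960010"] [msg "Request content type is not allowed by policy"] [uri "/wp-includes/js/"] '
    '[unique_id "constructed-3"]',
    '[Sun Nov 29 10:14:02 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 '
    '(phase 2). [id "960010"] [msg "Request content type is not allowed by policy"] '
    '[uri "/wp-admin/admin-ajax.php"] [unique_id "constructed-4"]',
]

if __name__ == "__main__":
    print(render_whitelist(blocked_rules_by_uri(SAMPLE_LOG)))
```

Run it as `python3 script.py < /dev/null` after replacing SAMPLE_LOG with `sys.stdin` to feed a real error_log; review every ID it proposes rather than whitelisting blindly.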
