[support] Very Strange Security Breach
prothero
prothero at geol.ucsb.edu
Fri Dec 17 18:56:24 UTC 2010
Folks:
Thanks for the link to the security test.
I installed it, BUT, when I was messing with my permissions, to fix
various file permissions, I did something very simple that caused an
error message all through the site:
--message:
user warning: Can't create/write to file '/tmp/#sql_3cb2_0.MYI' (Errcode: 13) query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = 'solarsentinel' AND b.status = 1 AND (r.rid IN (2) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module in /home/wap/public_html/modules/block/block.module on line 433
--end message.
I understand that the error is in permissions for the /tmp directory.
I got this error when I changed permissions, but now when I do
chmod -R 0777 (as a test), I still get the error. This should set the
permissions to "Everybody can do anything". What's up? I'm not a Unix
expert, but not a novice either, and this confuses me. Does the "#"
char at the start of the file name mean the file is invisible?
Regards,
Bill
William A. Prothero
http://earthednet.org/
On Dec 16, 2010, at 11:00 PM, prothero wrote:
> I had a similar hack happen. I had about 7 comments on a blog, in
> Russian, from an anonymous user. I have permission set so only
> registered users can make comments. Hmmm... I deleted them, but
> wonder what I should do to stop this in the future. I did set CAPTCHA
> so that comments require it. Drupal 6.19.
> Regards,
> Bill
>
> William A. Prothero
> http://earthednet.org/
>
>
>
> On Dec 16, 2010, at 9:32 PM, Shai Gluskin wrote:
>
>> Hi gang,
>>
>> The author and URL of an anonymous comment was changed about three
>> months after the comment was originally posted. The change happened
>> last week. The new name was in Chinese and the URL is to a Chinese
>> web site. The content of the comment was not changed.
>>
>> I've never had anything like that happen before. After I discovered
>> this I changed user/1 pw (that is the only account on the site with
>> admin privileges).
>>
>> There is no other evidence of other damage at the site that I found
>> in the wake of this discovery.
>>
>> (Site was using 6.19 at the time of the breach).
>>
>> I'm stumped. Ideas anyone?
>>
>> Shai
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]