[support] Very Strange Security Breach

prothero prothero at geol.ucsb.edu
Fri Dec 17 19:04:22 UTC 2010 

Folks:
Not only do I get this error code, but several modules on my site have  
stopped working. The only thing I did was install the security module  
and mess with permissions on the /tmp folder. Sheesh! Very frustrating.
Bill

William A. Prothero
http://earthednet.org/



On Dec 17, 2010, at 10:56 AM, prothero wrote:

> Folks:
> Thanks for the link to the security test.
> I installed it, BUT, when I was messing with my permissions, so fix  
> various file permissions, I did something very simple that caused an  
> error message all through the site:
>
> --message:
> user warning: Can't create/write to file '/tmp/ 
> #sql_3cb2_0.MYI' (Errcode: 13) query: SELECT DISTINCT b.* FROM  
> blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta  
> = r.delta WHERE b.theme = 'solarsentinel' AND b.status = 1 AND  
> (r.rid IN (2) OR r.rid IS NULL) ORDER BY b.region, b.weight,  
> b.module in /home/wap/public_html/modules/block/block.module on line  
> 433
> --end message.
>
> I understand that the error is in permissions for the /tmp  
> directory. I got this error when I changed permissions, but now when  
> I do chmod -R 0777 (as a test), I still get the error. This should  
> set the permissions to "Everybody can do anything". What's up? I'm  
> not a unix expert, but not a novice either and this confuses me.  
> Does the "#" char at the start of the file name mean the file is  
> invisible, ??
>
> Regards,
> Bill
>
> William A. Prothero
> http://earthednet.org/
>
>
>
> On Dec 16, 2010, at 11:00 PM, prothero wrote:
>
>> I had a similar hack happen. I had about 7 comments on a blog, in  
>> Russian, from an anonymous user. I have permission set so only  
>> registered users can make comments. Hmmm... I deleted them, but  
>> wonder what I should do to stop this in the future. I did set  
>> capcha so that comments require it. Drupal 6.19.
>> Regards,
>> Bill
>>
>> William A. Prothero
>> http://earthednet.org/
>>
>>
>>
>> On Dec 16, 2010, at 9:32 PM, Shai Gluskin wrote:
>>
>>> Hi gang,
>>>
>>> The author and URL of an anonymous comment was changed about three  
>>> months after the comment was originally posted. The change  
>>> happened last week. The new name was in Chinese and the URL is to  
>>> a Chinese web site. The content of the comment was not changed.
>>>
>>> I've never had anything like that happen before. After I  
>>> discovered this I changed user/1 pw (that is the only account on  
>>> the site with admin privileges).
>>>
>>> There is no other evidence of other damage at the site that I  
>>> found in the wake of this discovery.
>>>
>>> (Site was using 6.19 at the time of the breach).
>>>
>>> I'm stumped. Ideas anyone?
>>>
>>> Shai
>>> -- 
>>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>> -- 
>> [ Drupal support list | http://lists.drupal.org/ ]
>
> -- 
> [ Drupal support list | http://lists.drupal.org/ ]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20101217/505e2690/attachment-0001.html

More information about the support mailing list