Folks:
Thanks for the link to the security test.
I installed it, BUT, when I was messing with my permissions, so fix various file permissions, I did something very simple that caused an error message all through the site:

--message:
user warning: Can't create/write to file '/tmp/#sql_3cb2_0.MYI' (Errcode: 13) query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = 'solarsentinel' AND b.status = 1 AND (r.rid IN (2) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module in /home/wap/public_html/modules/block/block.module on line 433
--end message.

I understand that the error is in permissions for the /tmp directory. I got this error when I changed permissions, but now when I do chmod -R 0777 (as a test), I still get the error. This should set the permissions to "Everybody can do anything". What's up? I'm not a unix expert, but not a novice either and this confuses me. Does the "#" char at the start of the file name mean the file is invisible, ??

Regards,
Bill

William A. Prothero

http://earthednet.org/




On Dec 16, 2010, at 11:00 PM, prothero wrote:

I had a similar hack happen. I had about 7 comments on a blog, in Russian, from an anonymous user. I have permission set so only registered users can make comments. Hmmm... I deleted them, but wonder what I should do to stop this in the future. I did set capcha so that comments require it. Drupal 6.19.
Regards,
Bill

William A. Prothero



On Dec 16, 2010, at 9:32 PM, Shai Gluskin wrote:

Hi gang,

The author and URL of an anonymous comment was changed about three months after the comment was originally posted. The change happened last week. The new name was in Chinese and the URL is to a Chinese web site. The content of the comment was not changed.

I've never had anything like that happen before. After I discovered this I changed user/1 pw (that is the only account on the site with admin privileges).

There is no other evidence of other damage at the site that I found in the wake of this discovery.

(Site was using 6.19 at the time of the breach).

I'm stumped. Ideas anyone?

Shai
--
[ Drupal support list | http://lists.drupal.org/ ]

--
[ Drupal support list | http://lists.drupal.org/ ]