hello everybody

recently my site was hijacked, a couple of files have been uploaded and modified, and the only thing I can think about it, is that somehow they upload it through myalbum, as it is the only thing available to upload files in my site

my firewall haven't detected anything

is there a known bug or something for myalbum version 2.86 with xoops 2.0.14 ?

thanks for your time

hi marckd.

Have you enabled Protector?
It's a MUST module for the core from xoops.org like 2.0.14

And myAlbum-P always checks the uploaded files are valid or not.

Anyway, show the file to me with detail if you doubt me.

thanks for the soon reply!

Protector? what is that and where do I enable it?

I know and I really trust about myAlbum, it is by far my most favourite module in xoops, but due to this hack, google penalized me and my visits dropped 70% in just one day, and yet I can't understand where they got access, this was the only way to upload files, and so my first thought about the hack

sorry if I offended you, it wasn't my intention, just to find out how they got access and to be preventive for the future

thanks again

You can get protector form: http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=105&cid=1

hi marckd.

Don't call cracker == "script kiddie" as "Hacker" please.
Hacker is a honorific title.

And my module is named myAlbum-P instead of "myAlbum".

Quote:sigh...

Quote:You should know, a cracker can make files as he like via some vulnerable codes.
The feature of uploading is unrelated.

And, myAlbum-P always put uploaded files (number).(ext) like 1.jpg

You should check all modules you use.

In fact, There are too many vulnerable modules in xoops.org

0k, sorry again for the wrong terms

Quote:is there a way to know this? a list maybe or some way to check vulnerabilities?

thanks again

Quote:Only skilled programmers/hackers can do that.
As far as I know, all code checkers for PHP are useless.

0k! thanks for your time GIJOE :)