Khaled

Sorry to hear of the break-in.

This Wiki page may be helpful - http://wiki.habariproject.org/en/Security_Considerations

Andy

PS. How goes the 'Chameleon' theme? :-)

On Mar 11, 12:46 am, Arthus Erea <[email protected]> wrote:
> In that case, sounds like it's a non-Habari issue.
>
> I'd make sure your file permissions are locked down correctly, change
> your password, then try to find whatever caused the issue. Hopefully
> some of our more security-minded folks can chip in with some tips.
>
> On Mar 10, 2009, at 8:41 PM, Khaled Abou Alfa wrote:
>
> > Right I seem to have found the issue here. It seems the two main
> > files that got hacked were the config.php file and the main
> > index.php file. Once I deleted the stuff from there, it's been
> > running back to normal. The thing is though, how did this happen,
> > and how to prevent it from happening again?
> >
> > On Wed, Mar 11, 2009 at 12:35 AM, Arthus Erea <[email protected]> wrote:
> > Actually, the easiest thing might be to just delete the entire
> > system directory.
> >
> > Then svn up or check it out again, and you should get a fresh,
> > clean, working install.
> >
> > On Mar 10, 2009, at 8:30 PM, Khaled Abou Alfa wrote:
> >
> >> Oh fuck. What the hell is happening there????? Right I've been
> >> through my files and there were a couple of stray 00.php files and
> >> a few new index files etc. If I delete all of my files (except
> >> my images in user and my theme) can I then SVN up?
> >>
> >> On Wed, Mar 11, 2009 at 12:08 AM, Arthus Erea <[email protected]> wrote:
> >> Well that explains why you're not able to have requests load.
> >>
> >> Javascript is expecting JSON return, and HTML was interjected.
> >>
> >> Off the top of my head, it looks like you might have gotten hacked
> >> somehow. Someone is adding arbitrary html (spam) to all requests on
> >> your site.
> >>
> >> If you look at the HTML of your main page, you can find the same
> >> code present. (It's hidden from display though.)
> >>
> >> You should definitely get this cleaned up, since it's also a way
> >> spammers try to game Google and it could get you blacklisted.
> >>
> >> I'm not sure exactly how they're going about doing this, but I
> >> doubt it's through Habari. Look around for some stray files which
> >> don't seem to belong. Also, investigate your .htaccess file.
> >>
> >> On Mar 10, 2009, at 8:00 PM, Khaled Abou Alfa wrote:
> >>
> >>> Thanks for the help guys. Unfortunately clearly something has gone
> >>> completely wonky. When I follow the directions above, basically I
> >>> get a bunch of text, some of which pertains to my files from the
> >>> media silo, but then it seems that all I get is spam stuff in
> >>> there. Here's where it all changes:
> >>>
> >>> /dell_netbook.png","basename":"dell_netbook.png","title":"dell_netbook.png","url":"http:\/\/brokenkode.com\/user\/files\/dell_netbook.png","thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/dell_netbook.png.thumbnail.jpg","filetype":"image_png"},
> >>> "logo_v1.png":{"path":"Habari\/logo_v1.png","basename":"logo_v1.png","title":"logo_v1.png","url":"http:\/\/brokenkode.com\/user\/files\/logo_v1.png","thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/logo_v1.png.thumbnail.jpg","filetype":"image_png"},
> >>> "me.jpg":{"path":"Habari\/me.jpg","basename":"me.jpg","title":"me.jpg","url":"http:\/\/brokenkode.com\/user\/files\/me.jpg","thumbnail_url":"http:\/\/brokenkode.com\/user\/files\/.deriv\/me.jpg.thumbnail.jpg","filetype":"image_jpeg"}},
> >>> "path":"Habari","controls":"<li class=\"root\"><a href=\"#\" onclick=\"habari.media.fullReload();habari.media.showdir('Habari');return false;\">Root<\/a><\/li><li><a href=\"#\" onclick=\"habari.media.showdir('Habari\/');return false;\">Browse<\/a><\/li><li><a href=\"#\" onclick=\"habari.media.showpanel('Habari\/', 'upload');return false;\">Upload<\/a><\/li><li><a href=\"#\" onclick=\"habari.media.showpanel('Habari\/', 'mkdir');return false;\">Create Directory<\/a><\/li>"}
> >>> <u style=display:none><a href="http://www.sturdytents.com/inc/ellen-biddle-shipman-duke-gardens.html">ellen biddle shipman duke gardens</a><a href="http://www.sipsanicaragua.com/inc/saddle-seat-bar-stools-toronto-cana...">saddle seat bar stools toronto canada</a><a href="http://www.sollopatin.com/inc/renoirs-garden-fabric
> >>>
> >>> That garbled mess goes on for AGES, hundreds of lines of that
> >>> rubbish. Any thoughts?
> >>>
> >>> On Tue, Mar 10, 2009 at 1:09 AM, Josh Wood <[email protected]> wrote:
> >>>
> >>> If you want to go the "request monitor" route:
> >>>
> >>> Use Firefox. Install Firebug. Open your habari admin panel. Log in. Go
> >>> to 'New->Entry'.
> >>>
> >>> Open Firebug. Click the 'Net' tab. Click the small down arrow to the
> >>> right of 'Net'. Choose 'Enabled'.
> >>>
> >>> Click the 'XHR' tab in the row above 'Net'.
> >>>
> >>> Expand your media silo splitter. The spinner begins to spin...
> >>>
> >>> Click the right-arrow to expand the POST line that appears in
> >>> Firebug.
> >>>
> >>> Click the 'Response' tab in the area you just expanded.
> >>>
> >>> Note the error being returned, if any, that is displayed on the
> >>> 'Response' tab.
> >>>
> >>> The Headers and Post tabs may be of interest as well, but the
> >>> Response tab is where I would look first.
> >>>
> >>> For example, by intentionally arranging to have an error happen, I
> >>> can read back:
> >>>
> >>> "Fatal error</b>: Call to undefined function imagecreatefrompng() in
> >>> <b>/usr/j/web/hb/system/plugins/habarisilo/habarisilo.plugin.php</b>
> >>> on line <b>208</b>"
> >>>
> >>> from the XHR response in the 'Response' tab.
> >>>
> >>> I hope that will help gather some data.
> >>>
> >>> -Josh
> >>>
> >>> On Mon, Mar 9, 2009 at 3:38 PM, Arthus Erea <[email protected]> wrote:
> >>> > Do you have a request monitor installed?
> >>> > After taking an action (such as changing filter), take a look at the
> >>> > monitor. There should be a new request.
> >>> > Take a look at that request and see what the outcome is. There are 3
> >>> > possible outcomes I can think of:
> >>> > 1) The request loads forever, never actually loading. (This might be some
> >>> > sort of redirect issue.)
> >>> > 2) The result loads, but there's a PHP error message displayed. Or, the
> >>> > result is blank. If this is the case, please paste the error.
> >>> > 3) The result loads without error, but Javascript mistakenly detects an
> >>> > error. If this is the case, again, please paste the error.
> >>> > Hopefully we can get this resolved with some more debugging.
> >>> > It also might be worth trying a fresh install to see if that works.
> >>> >
> >>> > On Mar 9, 2009, at 6:32 PM, Khaled Abou Alfa wrote:
> >>> >
> >>> > Heya Michael,
> >>> > Not sure what I'm looking for here. Basically if I try and use the search
> >>> > bar (ie to filter stuff out in comments) it basically stalls. This is
> >>> > whether I basically delete anything, search for anything etc. It loads the
> >>> > page ok, but then when it gets to POST update_comment that's where things go
> >>> > a bit wrong.
> >>> > Should I maybe delete something and then SVN up? Maybe that might help? Like
> >>> > under system maybe?
> >>> >
> >>> > On Mon, Mar 9, 2009 at 10:57 AM, Michael Harris <[email protected]> wrote:
> >>> >
> >>> >> 2009/3/9 Khaled Abou Alfa <[email protected]>:
> >>> >> > I've SVNed up to the rev 3298 but unfortunately I can't seem to get any
> >>> >> > tasks actually done. Specifically if I try and use the media silo, it
> >>> >> > opens up, but nothing else happens (ie the spinner keeps on spinning and
> >>> >> > that's about it).
> >>> >> > Something similar happens when trying to deal with comments. If I want to
> >>> >> > mark them as spam, or approve them, the spinner does its thing but nothing
> >>> >> > actually happens. The difference here of course is that if I go to another
> >>> >> > page (like the dash) then the actual action has been taken care of (for
> >>> >> > that page).
> >>> >>
> >>> >> I know it doesn't really help, but I can't reproduce this. r3299 works
> >>> >> fine for me.
> >>> >>
> >>> >> The ajax calls are not succeeding for some reason. It would be useful
> >>> >> if you could investigate the requests. Do you have firebug installed?
> >>> >> Or is there some similar net monitor for Safari? If so, can you look
> >>> >> to see what happens with the ajax requests? Do other ajax requests
> >>> >> work, such as moving the loupe or typing in the search boxes?
> >>> >>
> >>> >> --
> >>> >> Michael C. Harris, School of CS&IT, RMIT University
> >>> >> http://twofishcreative.com/michael/blog
> >>> >> IRC: michaeltwofish #habari
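The failure mode the thread pins down is an admin XHR response that starts as valid JSON and then carries appended hidden HTML, which breaks the JavaScript that expects pure JSON. The script below is an added example for checking such responses; it is not code from the thread or from Habari, the sample body and its spam domains are constructed placeholders, and `json.JSONDecoder.raw_decode` is used because it reports where the first JSON value ends rather than rejecting the whole body.

```python
import json
import re
from dataclasses import dataclass, field

# Opening tag carrying display:none (quoted or not) and its content up to the
# matching close tag or end of input, since an injected block may be unterminated.
HIDDEN_BLOCK = re.compile(
    r'<(?P<tag>\w+)[^>]*style\s*=\s*"?[^">]*display\s*:\s*none[^>]*>'
    r'(?P<inner>.*?)(?:</(?P=tag)>|\Z)',
    re.IGNORECASE | re.DOTALL,
)
HREF = re.compile(r'''<a\s[^>]*href\s*=\s*["']?([^"'\s>]+)''', re.IGNORECASE)

@dataclass
class Verdict:
    json_ok: bool      # the body began with one complete JSON value
    trailing: str      # whatever followed that value (should be empty)
    hidden_links: list = field(default_factory=list)  # hrefs inside display:none blocks

def hidden_hrefs(fragment: str) -> list:
    """Collect link targets inside hidden blocks of an HTML fragment."""
    links = []
    for m in HIDDEN_BLOCK.finditer(fragment):
        links.extend(HREF.findall(m.group("inner")))
    return links

def inspect_response(body: str) -> Verdict:
    """Check a body that the admin JavaScript expects to be pure JSON.
    raw_decode stops at the end of the first JSON value instead of rejecting the
    whole body, so it pinpoints where legitimate output ends and appended content begins.
    """
    text = body.lstrip()
    try:
        _, end = json.JSONDecoder().raw_decode(text)
    except json.JSONDecodeError:
        # Nothing parseable at the front: e.g. a PHP "Fatal error" printed before the JSON.
        return Verdict(False, text, hidden_hrefs(text))
    trailing = text[end:].strip()
    return Verdict(True, trailing, hidden_hrefs(trailing))

# Constructed sample modelled on the thread: a valid media-silo object followed by
# a hidden <u> block of spam links. Domains are placeholders, not real sites.
SAMPLE_BODY = (
    '{"files":{"me.jpg":{"path":"Habari\\/me.jpg","filetype":"image_jpeg"}},'
    '"path":"Habari","controls":"<li class=\\"root\\"><a href=\\"#\\">Root<\\/a><\\/li>"}'
    '<u style=display:none><a href="http://spam1.example/inc/a.html">a</a>'
    '<a href="http://spam2.example/inc/b.html">b</a></u>'
)
```

A non-empty `trailing` on an endpoint that should return only JSON is the signal to go looking at the files Arthus names (index.php, config.php, .htaccess, stray files) rather than at the JavaScript.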
