WEB Anybody been a victim of phishing?

Discussion in 'OT Technology' started by wiredup, Apr 26, 2008.

  1. wiredup

    wiredup Guest

    One of my sites was just attacked by a 'phisher'

    I have no idea how this cock sucker put his files on my server. I feel like it must have to do with a DIR being CHMOD 777. How does one write to a directory through the internet though?

    I changed it to CHMOD 755; would I be safe now that only the owner can write? I also can't even delete the fucking files this person added.

    Thanks for any help...
     
  2. macistaniMac

    macistaniMac New Member

    Joined:
    Jul 6, 2006
    Messages:
    176
    Likes Received:
    0
    Probably exploited a scripting vulnerability. Are you using commercial/open source scripts? Have you checked to make sure they're up to date?

    If it's your own code... did you code it securely?

    Have you checked FTP and system logs?
     
  3. Browning

    Browning Active Member

    Joined:
    Feb 14, 2005
    Messages:
    89,465
    Likes Received:
    10
    Just on MySpace :o
     
  4. nubian

    nubian Active Member

    Joined:
    Aug 11, 2003
    Messages:
    27,761
    Likes Received:
    1
    I was wondering the same thing when someone was doing that to one of my portfolio websites.
    Whoever it was set up a bank of another bank.
     
  5. m3s3lf

    m3s3lf *Jeep Crew*

    Joined:
    Oct 4, 2001
    Messages:
    5,460
    Likes Received:
    0
    Location:
    Sacramento, CA
    What did they add? Do you still need help deleting them?
     
  6. Logik

    Logik Livin la vida broka

    Joined:
    Jun 30, 2000
    Messages:
    20,667
    Likes Received:
    1
    Location:
    The Steel City
    Do you have a "file uploader" anywhere, by chance?

    A simple ../.../../vul.sh vulnerability would write files into a 666 (or higher) folder.

    Only if Apache is run as the owner of the files (probably not). What "user" put the files there?
     
  7. wiredup

    wiredup Guest

    I should have looked before I deleted them.

    what is the best way to allow user uploads through the upload script, but not allow the hackers to put files on there?
     
  8. wiredup

    wiredup Guest

    I looked again at another one...

    All the files on my server belong to the account that hosts them, but the phishing site is owned by 'nobody'.
     
  9. wiredup

    wiredup Guest

    Would a 755 be sufficient to keep Apache from writing to a directory owned by a specific user?
     
  10. wiredup

    wiredup Guest

    What if I used PHP to chmod the dir before and after the file upload?
     
  11. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,575
    Likes Received:
    2
    Do you run a Celeron Dude uploader? Those are famous for getting a PHP shell thrown in there. :rofl:
     
  12. wiredup

    wiredup Guest

    No I don't. I run an uploader I programmed myself. I check the file type before allowing it to be uploaded, but I don't know if it just checks the file extension or not. Is there a way to detect when an image file is not actually an image?
     
  13. Logik

    Logik Livin la vida broka

    Joined:
    Jun 30, 2000
    Messages:
    20,667
    Likes Received:
    1
    Location:
    The Steel City
    5 won't allow writing.
    Well, if the folder is 6 or higher when the "file" is uploaded, the vuln can still get on your box.
    Verify/check the files...

    e.g.,
    Code:
    // $fh: a handle on the uploaded temp file, opened with fopen(..., 'rb')
    $header_bytes = fread($fh, 8);
    if (!strncmp($header_bytes, "\xFF\xD8", 2))
        $file_format = ".jpg";
    else if (!strncmp($header_bytes, "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A", 8))
        $file_format = ".png";
    else if (!strncmp($header_bytes, "GIF", 3))
        $file_format = ".gif";
    else
        $error = "Unknown file format, only .JPG, .PNG, and .GIF files are allowed.";
    Let's see the code.
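    A worked version of the leading-byte check sketched above, combined with the filename and directory-permission points from post #6 and the "owned by nobody" question from posts #8 and #9. This is an added example, not code from the thread or from any participant: the function names, the 1 MB limit and the two constructed test files are my own choices, it needs the GD extension only to build the sample PNG, and it is written to run from the PHP CLI, which is why it uses copy() and does not call is_uploaded_file() (a real web handler would use move_uploaded_file() and must require is_uploaded_file()).

```php
<?php
// Added example, not from the thread. Server-side image validation that
// picks the extension from the file's leading bytes (post #13), cross-checks
// it with getimagesize(), and never uses the client filename, so "../" in
// it cannot steer the write (the traversal case from post #6).
declare(strict_types=1);
if (!function_exists('imagepng')) { fwrite(STDERR, "needs the GD extension\n"); exit(1); }

// Leading-byte signatures -> extension we will assign; null if unknown.
function sniff_image_format(string $header_bytes): ?string
{
    if (strncmp($header_bytes, "\xFF\xD8\xFF", 3) === 0) {
        return 'jpg';
    }
    if (strncmp($header_bytes, "\x89PNG\x0D\x0A\x1A\x0A", 8) === 0) {
        return 'png';
    }
    if (strncmp($header_bytes, 'GIF87a', 6) === 0 || strncmp($header_bytes, 'GIF89a', 6) === 0) {
        return 'gif';
    }
    return null;
}

// Validate the temp file and return a server-generated destination name.
function validate_image_upload(string $tmp_path, int $max_bytes = 1048576): string
{
    // A real handler also requires is_uploaded_file($tmp_path); skipped so this runs from the CLI.
    $size = filesize($tmp_path);
    if ($size === false || $size === 0 || $size > $max_bytes) {
        throw new RuntimeException('bad size: ' . var_export($size, true));
    }
    $fh = fopen($tmp_path, 'rb');
    $header = $fh === false ? '' : (string) fread($fh, 8);
    if ($fh !== false) { fclose($fh); }
    $ext = sniff_image_format($header);
    if ($ext === null) {
        throw new RuntimeException('unknown file format, only JPG, PNG and GIF are allowed');
    }
    // getimagesize() parses the real image headers; its type must agree with the bytes.
    $expected = ['jpg' => IMAGETYPE_JPEG, 'png' => IMAGETYPE_PNG, 'gif' => IMAGETYPE_GIF];
    $info = @getimagesize($tmp_path);
    if ($info === false || $info[2] !== $expected[$ext]) {
        throw new RuntimeException('image headers do not parse as the claimed format');
    }
    // Name built entirely server-side: no client input, so no path characters.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Copy the validated file into $upload_dir with data-only permissions.
function store_image(string $tmp_path, string $upload_dir): string
{
    $dir = realpath($upload_dir);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("upload dir unusable: $upload_dir");
    }
    $dest = $dir . DIRECTORY_SEPARATOR . validate_image_upload($tmp_path);
    if (!copy($tmp_path, $dest)) {          // move_uploaded_file() in a web handler
        throw new RuntimeException('copy failed');
    }
    chmod($dest, 0644);                     // readable data, never executable
    return $dest;
}

// Posts #8/#9: who owns the directory vs. who this PHP process runs as.
// 0755 keeps the web server out only when the server user is not the owner.
function describe_dir_access(string $dir): array
{
    $st = stat($dir);
    $name = function (int $uid): string {
        $pw = function_exists('posix_getpwuid') ? posix_getpwuid($uid) : false;
        return $pw ? $pw['name'] : (string) $uid;
    };
    return [
        'owner'      => $name((int) $st['uid']),
        'process_as' => function_exists('posix_geteuid') ? $name(posix_geteuid()) : 'unknown',
        'mode'       => sprintf('%04o', $st['mode'] & 07777),
        'writable'   => is_writable($dir),
    ];
}

// ---- constructed inputs (not real uploads) ----
$work = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
mkdir($work, 0755);
$good = $work . DIRECTORY_SEPARATOR . 'good.tmp';   // 1. genuine 2x2 PNG from GD
$im = imagecreatetruecolor(2, 2);
imagepng($im, $good);
imagedestroy($im);
$client_name = '../../../vul.sh';                    // never used for the path
echo 'stored: ', store_image($good, $work), " (client filename was $client_name)\n";
$bad = $work . DIRECTORY_SEPARATOR . 'bad.tmp';     // 2. PHP labelled image/gif by client
file_put_contents($bad, "<?php echo 'shell'; ?>");
try {
    store_image($bad, $work);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
print_r(describe_dir_access($work));
```

The point of describe_dir_access() is the one Logik makes about "5": mode 0755 only stops the web server when the server user is not the owner of the directory. On a host where PHP runs as nobody, the upload directory has to be writable by nobody for the uploader to work at all, so the permission bits cannot be the control; the controls are the byte-level validation, a server-chosen filename, and a file mode that is never executable.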
     
  14. wiredup

    wiredup Guest

    Code:
    //echo "Myfield: $my_field";
    if(isset($my_field)){

        //UPLOAD THE IMAGE
        $filetypeis = $_FILES['my_field']['type'];
        $size_is = $_FILES['my_field']['size'];
        $allowed_types = array('image/pjpeg','image/jpeg','image/gif','image/png');

        if(in_array($_FILES['my_field']['type'], $allowed_types)){

            if($size_is<99048576){

                $picturename = $newid . "_" . md5(time());

                if($filetypeis=="image/jpeg"){
                    $ext = ".jpg";
                    $fp_image = $picturename . $ext;
                }

                if($filetypeis=="image/pjpeg"){
                    $ext = ".jpg";
                    $fp_image = $picturename . $ext;
                }

                if($filetypeis=="image/gif"){
                    $ext = ".gif";
                    $fp_image = $picturename . $ext;
                }

                if($filetypeis=="image/png"){
                    $ext = ".png";
                    $fp_image = $picturename . $ext;
                }

                //Only want to resize the main picture if it is wider than 400px
                list($new_width, $height, $type, $attr) = getimagesize($_FILES['my_field']['tmp_name']);
                if($new_width<401){
                } else {
                    $new_width = "400";
                }

                // ---------- IMAGE UPLOAD ----------
                // we create an instance of the class, giving as argument the PHP object
                // corresponding to the file field from the form
                // All the uploads are accessible from the PHP object $_FILES
                $handle = new Upload($_FILES['my_field']);

                // then we check if the file has been uploaded properly
                // in its *temporary* location in the server (often, it is /tmp)
                if ($handle->uploaded) {

                    // yes, the file is on the server
                    // below are some example settings which can be used if the uploaded file is an image.
                    //$handle->file_new_name_body = $picturename;
                    // now, we start the upload 'process'. That is, to copy the uploaded file
                    // from its temporary location to the wanted location
                    // It could be something like $handle->Process('/home/www/my_uploads/');
                    //$handle->Process('./img/full/');
                    // we check if everything went OK
                    // if ($handle->processed) {
                        // everything was fine !
                    //} else {
                    // one error occurred
                    //}

                    // yes, the file is on the server
                    // below are some example settings which can be used if the uploaded file is an image.
                    $handle->image_resize          = true;
                    $handle->image_ratio_y         = true;
                    $handle->image_x               = $new_width;
                    $handle->file_new_name_body    = $picturename;
                    // now, we start the upload 'process'. That is, to copy the uploaded file
                    // from its temporary location to the wanted location
                    // It could be something like $handle->Process('/home/www/my_uploads/');
                    $handle->Process('./img/400/');
                    // we check if everything went OK
                    if ($handle->processed) {
                        // everything was fine !
                    } else {
                        // one error occurred
                    }

                    // we now process the image a second time, with some other settings
                    $handle->image_resize          = true;
                    $handle->image_ratio_crop      = true;
                    $handle->image_y               = 90;
                    $handle->image_x               = 135;
                    $handle->file_new_name_body    = $picturename;

                    $handle->Process('./img/90/');

                    // we check if everything went OK
                    if ($handle->processed) {
                        // everything was fine !
                    } else {
                        // one error occurred
                    }

                    $handle->Clean();

                    //upload successful so let's dump it into the database
                    //Add the extension
                    $picturename .= $ext;

                    $sql = mysql_query("UPDATE `cars` SET  path='$picturename' WHERE id='$newid'");

                } else {
                    // if we're here, the upload file failed for some reasons
                    // i.e. the server didn't receive the file
                    //echo '<fieldset>';
                    //echo '  <legend>file not uploaded on the server</legend>';
                    //echo '  Error: ' . $handle->error . '';
                    //echo '</fieldset>';
                }

            }else{
                //image > 1MB
                //echo "Image was too big!";
            }

        }else{
            $msg = "Invalid File Type<br>";
        }//not in file type array

    }//If they even added a picture
    Here it is...
     
  15. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,575
    Likes Received:
    2
    You check the MIME type only. It's easy to throw malicious code inside of GIFs.

    That's where your attack came in.
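    What that looks like in practice, as an added example that is not the thread's code and not any participant's: a genuine GIF produced by GD with a PHP tag appended after the image trailer passes the client-MIME check from post #14, the leading-byte check from post #13 and getimagesize(), and still carries the tag in the stored bytes. The neutralizing step shown is to decode the pixels with GD and write a fresh file. The function names and the payload string are my own, and the script needs the GD extension.

```php
<?php
// Added example, not from the thread: a GIF/PHP polyglot survives MIME and
// magic-byte checks; re-encoding through GD discards the appended payload.
declare(strict_types=1);

if (!function_exists('imagecreatefromstring')) {
    fwrite(STDERR, "needs the GD extension\n");
    exit(1);
}

// Constructed: a real 4x4 GIF produced by GD, with a harmless PHP tag appended.
// Image decoders stop at the GIF trailer (0x3B), so the tail is invisible to them.
function make_polyglot_gif(): string
{
    $im = imagecreatetruecolor(4, 4);
    imagefilledrectangle($im, 0, 0, 3, 3, imagecolorallocate($im, 200, 0, 0));
    ob_start();
    imagegif($im);
    $gif = ob_get_clean();
    imagedestroy($im);
    return $gif . "<?php echo 'payload'; ?>";
}

// The two checks the thread discusses, as they would run on an upload.
function passes_mime_check(string $client_type): bool   // post #14: client-controlled header
{
    return in_array($client_type, ['image/pjpeg', 'image/jpeg', 'image/gif', 'image/png'], true);
}

function passes_header_check(string $data): bool        // post #13: leading bytes
{
    return strncmp($data, 'GIF', 3) === 0
        || strncmp($data, "\xFF\xD8", 2) === 0
        || strncmp($data, "\x89PNG\x0D\x0A\x1A\x0A", 8) === 0;
}

// Decode to pixels and write a brand-new GIF/PNG/JPEG. Only what GD could
// decode comes out, so appended bytes do not survive. Null if it does not decode.
function reencode_image(string $data, string $format): ?string
{
    $im = @imagecreatefromstring($data);
    if ($im === false) {
        return null;
    }
    ob_start();
    switch ($format) {
        case 'gif': $ok = imagegif($im); break;
        case 'png': $ok = imagepng($im); break;
        case 'jpg': $ok = imagejpeg($im, null, 85); break;
        default:    $ok = false;
    }
    $out = ob_get_clean();
    imagedestroy($im);
    return $ok ? $out : null;
}

function contains_php(string $data): bool
{
    return strpos($data, '<?php') !== false;
}

$poly = make_polyglot_gif();
$info = getimagesizefromstring($poly);

printf("client MIME check (attacker sets the header): %s\n", passes_mime_check('image/gif') ? 'pass' : 'reject');
printf("leading-byte check:                           %s\n", passes_header_check($poly) ? 'pass' : 'reject');
printf("getimagesize():                               %s\n", $info !== false ? "{$info[0]}x{$info[1]} gif" : 'fail');
printf("PHP tag in the bytes that would be stored:    %s\n", contains_php($poly) ? 'yes' : 'no');

$clean = reencode_image($poly, 'gif');
printf("PHP tag after GD re-encode:                   %s\n", ($clean !== null && !contains_php($clean)) ? 'no' : 'yes');
printf("re-encoded file still a valid image:          %s\n", ($clean !== null && getimagesizefromstring($clean) !== false) ? 'yes' : 'no');
```

Re-encoding discards everything outside the decoded pixels, which is exactly where an appended payload lives; any resize step that decodes and re-encodes has the same effect. It is not a complete answer, because payloads can be crafted to survive re-encoding, so the backstop is that the web server must never execute scripts from the upload directory (with Apache and mod_php, a `.htaccess` in that directory containing `php_flag engine off`, if `AllowOverride` permits it, or a main-config handler setting that serves everything there as static content) and the stored name must be chosen by the server with an image extension, never taken from the client.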
     
  16. wiredup

    wiredup Guest

    What should I change there?
     
  17. Logik

    Logik Livin la vida broka

    Joined:
    Jun 30, 2000
    Messages:
    20,667
    Likes Received:
    1
    Location:
    The Steel City
    Welcome to post #6 ;)

    Welcome to post #13
     
