Recent hacks due to AGSQL?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • jerzeemedia
    Confirmed User
    • May 2004
    • 1532

    #1

    Recent hacks due to AGSQL?

    Has anyone else experienced intrusions on their servers due to the recent AGSQL security issues?
    Free Adult Blog Hosting
    http://www.waqn.com

    free porn
    www.mojohost.com - Best guys, best host.
  • madawgz
    8.8.8.8
    • Mar 2006
    • 30509

    #2
    nope, but heres a bump for you
    TAEMDLRMSKRJIXMRLSMRJ.

    Comment

    • FreeFastHost
      Confirmed User
      • Oct 2001
      • 1588

      #3
      Two of my sites got hacked, jmbsoft are a bunch of retards, that's the last time I buy anything from them.

      Comment

      • jerzeemedia
        Confirmed User
        • May 2004
        • 1532

        #4
        FreeFast,

        Do you have ICQ so we can maybe compare what happened? I've got a situation I'm trying to patch up here and it'd help a great deal.

        Thanks,

        JM

        PS: Thanks for the bumps madawgz
        Last edited by jerzeemedia; 05-13-2006, 01:29 PM.
        Free Adult Blog Hosting
        http://www.waqn.com

        free porn
        www.mojohost.com - Best guys, best host.

        Comment

        • Big John
          Confirmed User
          • May 2006
          • 470

          #5
          Anybody have specific details? We were recently hit hard by exploits in i-rater, the heap of crap rating script. Would hate to be hit again.

          Comment

          • Babaganoosh
            ♥♥♥ Likes Hugs ♥♥♥
            • Nov 2001
            • 15841

            #6
            This should help you:

            http://www.*****************/index.php?showtopic=2530
            http://bbs.adultwebmasterinfo.com/sh...0&pagenumber=1
            I like pie.

            Comment

            • Big John
              Confirmed User
              • May 2006
              • 470

              #7
              Originally posted by Babaganoosh
              This should help you:.....
              Thanks - read both of those earlier but they say little. Only thing you can get from those threads is that it may be AGSQL causing it or the root cause may be something else.

              Without specific info on what the exploit is it's hard to protect yourself from it From what I've read it may not be the case that every site running agsql is at risk.

              Comment

              • jerzeemedia
                Confirmed User
                • May 2004
                • 1532

                #8
                Welp, here's an example of what I saw on the box:

                In /tmp, a script named 'x' was uploaded, as well as 'http', along with a directory named .ssh within /tmp. /tmp of course is set to noexec, however, if you provide the full path to the binary (example: /usr/bin/perl /bin/sh etc), you can execute it from outside of /tmp. Had my provider call me alerting me of a 60 meg outgoing DDoS to some ISPs from the server in question. This sounding familiar to anyone else yet?
                Free Adult Blog Hosting
                http://www.waqn.com

                free porn
                www.mojohost.com - Best guys, best host.

                Comment

                • Babaganoosh
                  ♥♥♥ Likes Hugs ♥♥♥
                  • Nov 2001
                  • 15841

                  #9
                  I tried to help out someone who had been hit with this. JMB said that they had seen this several times and in each incident the "hacker" actually logged in to the admin area. If that was the case, I assumed that he had gained access to the .htpasswd file. I added the site owners hostname to the .htaccess file so he would be the only one able to access the admin area and so far the attack hasn't happened again.

                  That obviously doesn't do anything to prove who is responsible for the security issue but it seems to have helped temporarily plug a hole. Time will tell.
                  I like pie.

                  Comment

                  • jerzeemedia
                    Confirmed User
                    • May 2004
                    • 1532

                    #10
                    babaganoosh,

                    Hmm, interesting. You know what I noticed however, is since I've firewalled SSH out ( I generally do this, but not with this server as per client's request ), the issues have stopped. But, your current method of rectification, I will try. Thanks a lot. Appreciate it.
                    Free Adult Blog Hosting
                    http://www.waqn.com

                    free porn
                    www.mojohost.com - Best guys, best host.

                    Comment

                    • elitetec
                      Too lazy to set a custom title
                      • Sep 2005
                      • 4944

                      #11
                      well its happend sometime,I've got a situation I'm trying to patch up here.



                      Add Your Site To My PR4 Blog
                      Selling Sig ICQ-200636146

                      Comment

                      • Terry
                        Confirmed User
                        • Jan 2002
                        • 1604

                        #12
                        I am having the same issue on my server and have asked JMB for help.. even offered to pay... so far nothing. Looks like I'll probably just change scripts if I dont hear back.
                        TengaCash
                        ICQ: 6776764

                        Comment

                        • Big John
                          Confirmed User
                          • May 2006
                          • 470

                          #13
                          It still sounds to me like people have problems that may not be specifically caused by the script and are looking for a scapegoat.

                          It's hard to protect yourself against a crap commercial script until after the event, as you presume people will code securely. However, there's 1001 ways to hack into a server outside of any vulnerability AGSQL may or may not have and it still sounds like people could be blaming the script for their general lack of security. Unsecure password files and SSH have been mentioned in this thread so far.

                          If it is the script I would love proper info on what the vulnerability is, but so far nobody seems to have any. From the very limited info available it seems quaite possible that people are blaming the script for problems they have elsewhere.

                          Comment

                          • VicD
                            ICQ: 304-611-162
                            • Feb 2005
                            • 13245

                            #14
                            No, don't forget to upgrade....

                            Comment

                            • flothrager
                              Registered User
                              • May 2005
                              • 1

                              #15
                              looks like jmbsoft is putting their money where their mouth is. i just saw this on their forums:

                              There have recently been some claims that a security hole in AutoGallery SQL has been used by hackers to
                              gain access to and compromise servers. We have done an extensive investigation, including examining a compromised
                              site along with a complete code review, and have found no evidence that such a security hole exists. Site owners
                              that have been hacked have also not been able to provide any evidence that shows a security hole.

                              To put this issue to rest and to show that we are serious and confident in our product's security, we are now
                              offering a $500 US dollar reward for anyone who can provide instructions for an AutoGallery SQL code exploit that
                              can be reproduced. Details on the requirements for this reward can be found below. If you have any questions
                              regarding this, you can send an e-mail message to [email protected].

                              1. The hack must be effective against a fresh installation of AutoGallery SQL version 3.5.0 or newer.

                              2. The hack must be effective against an unmodified installation. All AutoGallery SQL scripts must be the same that
                              are provided with the standard distribution.

                              3. The hack must be an exploit of the AutoGallery SQL code. Exploits of webserver software (Apache), telnet, SSH or
                              other programs will not be accepted. Successful hacks must show that the AutoGallery SQL code can be exploited to
                              allow access to the compromised server or allow the user to access the AutoGallery SQL control panel without having
                              prior knowledge of the username and password.

                              4. Hacks that simply utilize the AutoGallery SQL control panel to create files on a user's server will not be
                              accepted unless they are accompanied by details on a code exploit that allowed them to access the AutoGallery SQL
                              control panel without having prior knowledge of the username and password. It is known that files can be created
                              through the control panel, and this is a software feature, not a security hole.

                              5. Successful hacks should be sent to [email protected] with complete instructions on how the hack was done so
                              that it can be reproduced on a fresh installation of AutoGallery SQL. Upon confirmation of a successful hack, the
                              amount of $500 US dollars will be transferred to the PayPal account of the individual who provides the complete
                              instructions.

                              Comment

                              • JMB Software
                                Registered User
                                • Dec 2002
                                • 3

                                #16
                                Just want to update this information. We have increased the offer to $2000. Offical information and any updates will be posted at our site. See /reward.html at jmbsoft.com.

                                Comment

                                Working...