#1
1. Keep them up to date: check the homepages of the scripts you have installed and make sure you install the latest versions as they come out. Fantastico scripts lag behind on patch installations, so sometimes you might need to do it yourself.
2. Make sure to follow the installation directions and not leave any permissions open to world write; this can cause major problems and is the number one reason why scripts are usually hacked.
#2
Also, simply don't use Fantastico, which was the root of the problem to begin with. It is a common problem with Fantastico to chmod 777 with some scripts.
So the moral of this story, kids, is don't be lazy and install by hand.
#3
P.S.
The hosting community has known since October 2005 about the Fantastico 777 exploit. Take it for what it is worth, but I don't remember an email from HostGator about this. Amazing what Google will teach you about exploits; it is suggested that WHM admins edit mod_security with the following (Do not do):

SecFilterSelective THE_REQUEST "arta\.zip"
SecFilterSelective THE_REQUEST "cmd=cd\x20/var"
SecFilterSelective THE_REQUEST "master_files"
SecFilterSelective THE_REQUEST "HCL_path=http"
SecFilterSelective THE_REQUEST "clamav-partial"
SecFilterSelective THE_REQUEST "vi\.recover"
SecFilterSelective THE_REQUEST "netenberg"
SecFilterSelective THE_REQUEST "psybnc"
SecFilterSelective THE_REQUEST "fantastico_de_luxe"

Note that this is not an official fix; it just keeps WHM clients from having corrupted files from the Fantastico install dirs where people seem to place IRC bots and redirect scripts. (/do not do) Old information, assuming you keep up with Fantastico updates.
As far as fixes for people who use Fantastico, it will have to come from the people who make Fantastico themselves, to find another way of installing the scripts without having to chmod 777.
P.S. If you were a victim of Fantastico and would like to see them stop using 777 for key files and folders, please go bother http://www.netenberg.com They make Fantastico.... Enough said.
Last edited by stonecold; 01-18-2006 at 10:09 AM.
#4
|
||||
|
||||
|
Also, it is advisable to turn register_globals off using a .htaccess file and use the POST and GET arrays instead of global variables.
__________________
Regards, Gytis Repecka a.k.a. Kelmas NFS and Car Tuning forum | AutoNews.lt HostGator client since 2005
#5
|
|||
|
|||
|
Quote:
#6
Quote:
How do I install a script on the server? I am on a Baby account???? tia Bea *very nervous*
#7
Quote:
After that check that you have the latest version (there's always a link in Fantastico), if not, do an upgrade. Also check if there is phpSuExec installed in the server you are in (check this thread: http://forums.hostgator.com/showthread.php?t=8822). If it is then your scripts don't need any 777 permissions (and they actually do not run with those).
__________________
quietFinn - netFinn Finland "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr. Seuss
#8
Add this to your .htaccess for increased protection against common attacks against Mambo/Joomla:

########## Begin - Rewrite rules to block out some common exploits
# (RewriteEngine On is needed once per .htaccess; harmless if already present)
RewriteEngine On
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked requests to the homepage with a 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
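To see what these rules actually stop (and what they let through) before putting them on a site, here is an added shell check, not from the post or from the Joomla project, that replays the same five expressions with grep -E against a few constructed query strings; the Apache forms \<, \> and \% are written plain for grep, where \< would mean a word boundary instead.

```shell
#!/bin/sh
# Added example: replays the five RewriteCond expressions from the post against
# sample query strings. In Apache/PCRE "\<", "\>" and "\%" are literal
# characters; in grep -E they are written plain ("\<" is a word boundary there).

# classify QUERY_STRING -> prints "block" if any rule matches, else "allow"
# (the third rule carries [NC] in the .htaccess, hence grep -i for that one)
classify() {
    qs=$1
    if printf '%s\n' "$qs" | grep -Eq  'mosConfig_[a-zA-Z_]{1,21}(=|%3D)' ||
       printf '%s\n' "$qs" | grep -Eq  'base64_encode.*\(.*\)' ||
       printf '%s\n' "$qs" | grep -Eiq '(<|%3C).*script.*(>|%3E)' ||
       printf '%s\n' "$qs" | grep -Eq  'GLOBALS(=|\[|%[0-9A-Z]{0,2})' ||
       printf '%s\n' "$qs" | grep -Eq  '_REQUEST(=|\[|%[0-9A-Z]{0,2})'
    then
        echo block
    else
        echo allow
    fi
}

# Constructed sample query strings (not real traffic): a normal Joomla page
# request, one probe per rule, and a harmless string containing the word
# "script" to show the third rule only fires when a < or %3C is also present.
for qs in \
    'option=com_content&task=view&id=12' \
    'mosConfig_live_site=http://example.invalid' \
    'q=base64_encode(abc)' \
    'search=%3CSCRIPT%3Ealert(1)%3C/SCRIPT%3E' \
    'GLOBALS[x]=1' \
    '_REQUEST%5Bx%5D=1' \
    'page=my%20script%20notes'
do
    printf '%-5s %s\n' "$(classify "$qs")" "$qs"
done
```

A "block" here is what the [F] flag turns into a 403 on the live site; note the third pattern would also reject a legitimate search containing a literal <script>.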
#9
Quote:
So in order to run ZenCart 1.3.5, which is not yet in Fantastico, I should just ftp the files up into my directory? Does phpsuexec create problems with zencart???? I haven't uploaded it yet, am still testing it out on my pc - but just wanted to know if anyone here has had problems? and if so - how did you resolve it? thanks
#10
PHPSuExec is simple. Just remember these rules:
1. The owner of a file must be the account owner, not root or nobody. That means that if you uploaded a file before PHPSuExec was installed, then you might have a problem. If it was uploaded after, there will be no problems.
2. The file must not be 777 in permission. This normally doesn't just happen, someone has to change it, so it shouldn't be a worry.
3. Directories must not be 777 in permission. Same thing as above.
For Zen Cart, just ignore any instructions that tell you to set things to 777, both directories and files, and you should be fine.
#11
Serra
Thanks - I will have a look around and see if I get it right. I really appreciate this forum and the support staff here at HG. I am REALLY glad I moved here (even though it has been barely two weeks!!!) but boy oh boy - what a difference from %^$# Yahoo non-service..........
#12
Thanks for the tip, I will check my directories for such permissions.
__________________
nathan Pearson
#13
Thanks for all the great tips, especially the one about not using Fantastico.
#14
A weak password is another big cause of being hacked.
Make sure you use a strong password combination for your login page.
__________________
Charles Gan Hostgatorreview.org
#15
I love how you just reiterated the information already contained in this old thread... just digging up threads to post to???
#16
Quote:
Definitely not, it's a sticky thread now. My hosting with IX got hacked lately, and password security has risen to my top priority in securing my site/account.
__________________
Charles Gan Hostgatorreview.org
#17
I realize this is a relatively old thread, but I found it on a forum search on another subject I was curious about.
So my question is this....do all of HostGator's servers have phpSuExec installed on them now? I just recently installed (through Fantastico, before I found this thread) Joomla!, Moodle and ZenCart. I created a php file called "phpinfo.php" with the following line of code inside: <? phpinfo(); ?> and uploaded it into my public_html directory. When I access the file with my browser, I see in the SERVER API row "CGI". Does this mean I'm OK?
Thanks, Lori
Last edited by lcorbett; 10-07-2008 at 11:36 AM.
#18
Yes, they all do, and yes, you are.
__________________
Follow me on Twitter! http://twitter.com/mrw
#19
ok...thanks!
#20
If you are using a custom-made script like WordPress, remove the script name or version number (at least) from the source code. This will make your site harder to be recognized by the "bad guys"!!
Be sure that removing this does not violate the TOS!
#21
Also, many scripts have instructions about removing certain files after installation (such as install.php or config.php), or renaming some directories. Zen Cart, for instance, encourages users to rename several sensitive directories.
Virtually all popular web apps have information about making their installations more secure, and it's worth tracking it down.
__________________
Hosting term analogies, revised and improved (?)
#22
is there any software anyone can recommend which looks for files or directories with that chmod setting? There's no way I'm going through every folder and file!
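The check this post asks for, as an added example that is not a HostGator or cPanel tool: a POSIX shell audit that applies the two phpSuExec rules from post #10 (no world-writable files or directories, files owned by the account) to a web root, and can strip the world-write bit. It assumes it is run from a shell as the hosting account user; the directory it demonstrates on is constructed, not a real site.

```shell
#!/bin/sh
# Added example: audit a web root for the two phpSuExec rules in post #10 and
# answer post #22's "find the 777 files" question. Not a HostGator/cPanel tool.
#
# audit_perms DIR [OWNER]   -> one finding per line:
#   WORLD-WRITABLE <path>   world-write bit set (777, 666, 766 ...), which
#                           phpSuExec refuses to run
#   WRONG-OWNER <path>      not owned by OWNER (default: the invoking user, i.e.
#                           the hosting account), e.g. a file uploaded before
#                           phpSuExec was enabled and still owned by nobody
audit_perms() {
    root=$1
    owner=${2:-$(id -un)}
    # -perm -002 is the POSIX spelling of "world-write bit set, other bits any"
    find "$root" -perm -002 | sed 's/^/WORLD-WRITABLE /'
    find "$root" ! -user "$owner" | sed 's/^/WRONG-OWNER /'
}

# audit_count DIR [OWNER] -> number of findings (0 means clean); handy in cron
audit_count() {
    audit_perms "$1" "$2" | wc -l | tr -d ' '
}

# fix_world_writable DIR
#   Removes only the world-write bit (777 -> 775, 666 -> 664) and leaves every
#   other bit alone; scripts under phpSuExec do not need 777 (posts #7, #10).
#   Ownership cannot be changed from the account: re-upload the file instead.
fix_world_writable() {
    find "$1" -perm -002 -exec chmod o-w {} +
}

# Demo on a constructed tree (not a real site): one Fantastico-style 777 dir
# with a 777 file inside it, and one correctly set 644 file.
demo=$(mktemp -d)
mkdir "$demo/images";          chmod 777 "$demo/images"
: > "$demo/images/upload.php"; chmod 777 "$demo/images/upload.php"
: > "$demo/index.php";         chmod 644 "$demo/index.php"
audit_perms "$demo"
fix_world_writable "$demo"
echo "findings after fix: $(audit_count "$demo")"
rm -rf "$demo"
```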