Feb 27 2008, 04:08 PM
Post
#1
Super Member Group: [HOSTED] Posts: 265 Joined: 25-November 07 From: a beach, in California Member No.: 53,718
Ok, so I was going through my email inbox, and I received a very scary email from my old host, starszz.com, telling of this really dangerous thing going around with cutenews users.

Ok, let me summarize it: hackers somehow found a way to hack your site by accessing the search.php file in your cutenews directory. I googled into it, and there are a couple of big sites that were hacked, and it's advised that you delete the search.php file from your cutenews directory immediately. I don't know how this can be done, but I'm just warning you. I deleted my search.php file just in case! This is the email I got:

QUOTE
We were recently alerted to a dangerous cutenews vulnerability that could leave your site open to being hacked.

All hostees are advised to immediately delete the search.php file from your cutenews directory. This is a serious vulnerability and should be treated as top priority. Please do it now.

This flaw is not restricted to StarsZZ. It affects all sites using cutenews. If you have other fansites with other hosts, you should also remove the search.php file.

Please let me know if you have any questions or problems.
Feb 27 2008, 04:43 PM
Post
#2
Newbie [Level 2] Group: Members Posts: 30 Joined: 14-February 08 From: England Member No.: 57,865
What are the chances my site will be hacked?
Feb 27 2008, 04:50 PM
Post
#3
Super Member Group: [HOSTED] Posts: 395 Joined: 30-December 07 From: Norway Member No.: 55,479
Well I do actually need my search.php file, a lot. I see no reason why anyone would want to hack my page. I guess that I have to think about deleting it, but... nooo, not the search.php file! Argh...
Feb 27 2008, 06:52 PM
Post
#4
A computer once beat me at chess, but it was no match for me at kick boxing. Group: [MODERATOR] Posts: 3,874 Joined: 24-July 05 From: In Trouble Again... still? Member No.: 9,787
Cutenews will likely come along with a 'fix' before too long.

In the meantime, it might not be such a bad idea to drop the Search feature from your site. For security of your data and all of that...

Has anyone been to the Cutenews site to confirm this is a problem? And what versions of Cutenews are affected? Might only be certain (older, unpatched) versions which are affected.

*EDIT* Seems there is a simple enough fix for this one: http://cutephp.com/forum/index.php?showtopic=25900

*runs off to fix his copy* bbl
Feb 27 2008, 08:51 PM
Post
#5
Super Member Group: Members Posts: 343 Joined: 28-July 06 Member No.: 27,449
This is nice to know. Both that it was out and that there is a fix!!!
Feb 27 2008, 09:09 PM
Post
#6
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,304 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218
WOW!! I think the guys of cutenews need to update and design a new version of cutenews, but I am surprised that it took this long to find something wrong with cutenews, especially something as major as that.
Feb 28 2008, 02:09 AM
Post
#7
Super Member Group: [HOSTED] Posts: 265 Joined: 25-November 07 From: a beach, in California Member No.: 53,718
Umm, again, follow through, lmfao. According to some people at my old host, the guy who found that fix started the project of fixing it but did not completely fix it, so you are still at risk, because hackers can just search for your password, log in, etc. using that feature. Here's what I got from my old administrator. I'm so confused; I just changed the parts, like I was told here, and deleted the file, so it's in my trashcan on my cPanel, haha.

"We do not recommend our hostees to use this fix. It is easier to simply delete the file. Most fansites will not make use of the search function in any case. This particular file has had several previous vulnerabilities discovered. By removing the file entirely, you safeguard yourself from being open to any future vulnerabilities, and having to patch the file again, or risk being hacked. We were aware of the fix, but did not post it because we do not recommend it for our hostees. If you are not hosted here you are free to do as you wish, or as your current host suggests."
Feb 28 2008, 02:13 AM
Post
#8
A computer once beat me at chess, but it was no match for me at kick boxing. Group: [MODERATOR] Posts: 3,874 Joined: 24-July 05 From: In Trouble Again... still? Member No.: 9,787
Have you considered transferring your site to another flat-file system?
http://mylittlecms.zzl.org/
Or snews cms (http://snews.com), which is a database system that runs on php and mysql? Or Joomla? There are other alternatives.
Feb 28 2008, 02:25 AM
Post
#9
Super Member Group: [HOSTED] Posts: 265 Joined: 25-November 07 From: a beach, in California Member No.: 53,718
QUOTE
Have you considered transferring your site to another flat-file system? http://mylittlecms.zzl.org/ Or snews cms (http://snews.com), which is a database system that runs on php and mysql? Or Joomla? There are other alternatives.

Anything as good or better than cutenews? I don't know. I already have over 200 "cutenews" posted for content for both Have-heart.net and the chantelle paige international fansite, so I don't really want to reinstall anything, unless it is absolutely necessary.

In the remote case that, let's say, cPanel got hacked, would you [trap17] be able to restore everything? Like, do you have backups of the hosted website, or is that the hostee's responsibility? If so, how can I download some of my files as a backup? Just my html_public, or whatever it is called, folder [containing cutenews]? Also, are cutenews downloadable backups available?

Sorry for the endless questions (: