gisellebebegirl
Feb 27 2008, 04:08 PM
Ok so i was going through my email inbox, and i received a very scary email from my old host, starszz.com saying of this really dangerous thing going around with cutenews users.. ok let me summarize it hackers somehow found a way to hack your site by accesing your search.php file on your cutenews directory i googled into it, and there is a couple of Big sites that were hacked, and its adviced for you to delete the search.php file of your cutenews directory immediately, i dont know how this can be done, but imjust warning you i deleted my search.php file just in case! this is the email i got: QUOTE We were recently alerted to a dangerous cutenews vulnerability that could leave your site open to being hacked.
All hostees are advised to immediately delete the search.php file from your cutenews directory.
This is a serious vulnerability and should be treated as top priority.
Please do it now.
This flaw is not restricted to StarsZZ. It affects all sites using cutenews.
If you have other fansites with other hosts, you should also remove the search.php file.
Please let me know if you have any questions or problems.
Reply
somertonlord
Feb 27 2008, 04:43 PM
what are the chances my site will be hacked 
Reply
Bluebear
Feb 27 2008, 04:50 PM
Well I do actually need my search.php file, a lot. I see no reason why anyone would want to hack my page. I guess that I have to think about deleting it, but... nooo, not the search.php file! Argh...
Reply
jlhaslip
Feb 27 2008, 06:52 PM
Cutenews will likely come along with a 'fix' before too long. In the meantime, it might not be such a bad idea to drop the Search feature from your site. For security of your data and all of that... Has anyone been to the Cutenews site to confirm this is a problem? and what versions of Cutenews is affected? Might only be certain (older, unpatched) versions which are affected. *EDIT* Seems there is a simple enough fix for this one: http://cutephp.com/forum/index.php?showtopic=25900*runs off to fix his copy* bbl 
Reply
lemonwonder
Feb 27 2008, 08:51 PM
this is nice to know. Both that it was out and that there is a fix!!!
Reply
Saint_Michael
Feb 27 2008, 09:09 PM
WOW!! I think the guys of cutenews need to update and design a new version of cutenews, but I am surprise that it took this long to find something wrong with cutee news, especially something as major as that.
Reply
gisellebebegirl
Feb 28 2008, 02:09 AM
umm again follow through lmfao. according to some people at my old host, the guy who found that fix, started the project of fixing it, but did not, completely fix it, so you are still at risk.. because hackers can just search for your password, log in etc using that feature.. heres what i got from my old administrator.. im so comfused, i just changed the parts, like i was told here, and deleted the file, so its on my trashcan on my cpanel haha "We do not recommend our hostees to use this fix. It is easier to simply delete the file. Most fansites will not make use of the search function in any case. This particular file has had several previous vulnerabilities discovered. By removing the file entirely, you safeguard yourself from being open to any future vulnerabilites, and having to patch the file again, or risk being hacked. We were aware of the fix, but did not post it because we do not recommend it for our hostees. If you are not hosted here you are free to do as you wish, or as your current host suggests."
Reply
jlhaslip
Feb 28 2008, 02:13 AM
Have you considered transferring your site to another flat-file system? http://mylittlecms.zzl.org/Or snews cms http://snews.com is a database system that run on php and mysql? Or Joomla? There are other alternatives.
Reply
gisellebebegirl
Feb 28 2008, 02:25 AM
QUOTE(jlhaslip @ Feb 28 2008, 02:13 AM)  Have you considered transferring your site to another flat-file system? http://mylittlecms.zzl.org/Or snews cms http://snews.com is a database system that run on php and mysql? Or Joomla? There are other alternatives. anything as good or better than cutenews? i dont know. i already have over 200 "cutenews" posted for content for both Have-heart.net and chantelle paige international fansite, so i dont really want to re install anything, unless is absolutevely nesesary.. in the remote case that lets say cpanel got hacked.. would you [trap17] be able to restore everything? like do you have backups, of the hosted website.. or is that the hostees responsability? if so.. how can i download some of my files as a backup? just my html_public or whatever it is called folder? [containing cutenews] also, are cutenews, downloadable backups available? sorry for the endless questions (:
Reply
BuffaloHELP
Feb 28 2008, 02:26 AM
Ack!!! This comes too late for me. One of my sites was hacked by someone who boasted himself as a hacker. Deleted all my articles and completely wiped all categories. However, I had my backup made and was able to recover...but still My site was "lost content" from Feb 23 ~ Feb 27. A simple rule of making CuteNews to manage only partially may have saved me from whole lot of trouble. That just goes to show me--not one thing should be the complete content management for a site. I had 1/3 in CuteNews, 1/3 custom script and 1/3 plain HTML.
Reply
lemonwonder
Feb 28 2008, 07:49 PM
Okay. I do not know whether cutenews search will be / is used so ill fix it. Thanks BuffaloHELP
Reply
BuffaloHELP
Feb 28 2008, 03:15 PM
lemonwonder, If you're not using SEARCH within your CuteNews, just delete the file. Otherwise go to CuteNew's support forum and edit the search.php file to countermeasure the security hole.
Reply
lemonwonder
Feb 28 2008, 08:03 AM
I will still be using cutenews. I will make sure to make login details for cutenews different than cpanel though, don't want them accessing the whole site now, do we? I don't really mind if they wipe the news, I can always just backup, and it is not 100% chance that it'l happen to me.
Reply
BuffaloHELP
Feb 28 2008, 02:42 AM
QUOTE(gisellebebegirl @ Feb 27 2008, 09:33 PM) if cutenews was abandoned by the owner, i hope someone takes over CuteNews, like any other scripts, are vulnerable when people are developing it from the ground up. That's why people pay to have scripts that are thoroughly tested. But even with paid scripts there's a constant updates and patches to be on the look out. CuteNews have released the security measurement but I failed to check it on time. This forum, IP.Board, has alert notice section when a new or patch is available. Perhaps it's time for CuteNews to implement something similar. The fault might have been on CuteNews for leaving such hacking potential but that fault is also shared by me not checking CuteNews' support forum on a regular basis. And some clever guy just knowing how to manipulate this vulnerability has nothing to do with my position here at Trap17  If I were to place a blame, it's Google or other search engines making it easy to search all sites with CuteNews interface without much effort.
Reply
Recent Queries:--
cutenews comments error - 22.52 hr back. (1)
-
how to hack cutenews - 30.56 hr back. (1)
-
what happens if you remove powered by cutenews - 63.01 hr back. (1)
-
godaddy wordpress vulnerability index.php - 72.62 hr back. (2)
-
how to hack a site through cutenews - 79.42 hr back. (1)
-
how to remove cutenews - 100.07 hr back. (1)
-
how can i add a little logo in cutenews - 102.35 hr back. (1)
-
cutenews comments permission - 137.91 hr back. (1)
-
cutenews upload file exploit - 153.76 hr back. (1)
-
cutenews like - 163.20 hr back. (1)
-
cutenews password hack script - 165.58 hr back. (1)
-
cutenews hacking - 168.62 hr back. (1)
-
two cutenews on same server - 175.90 hr back. (1)
-
i deleted cutenews, can i re-install it? - 189.74 hr back. (1)
Similar Topics
Keywords : cutenews, alert, site, hacked
- Wallpaper Site
(4)
Hosting Problem [resolved]
403 Forbidden Error occurs whenever I try to access my site (22) First off, let me say that I have spent considerable effort and time going through the forums
seeking solutions for this problem. I have even gone as far as to seek help from the Xisto Live
support team (they suggested I wait 2 hours and then get back to them. Well I did that, and there
has been no change, and live support is now down). I've also tried changing permissions on both
files and folders via Cpanel, but to no avail. I still end up with the same error: QUOTE
Forbidden You don't have permission to access /index.php on this server. Additionally, a 4....
Can't Login To Any Software On My Site
anyone know how to fix? (3) In a subdomain of my site I have an installation of MediaWiki, and until now it's been working
fine. But today I've been having trouble with it. Previously, whenever I logged into MediaWiki
it worked first time and I would stay logged in for about an hour, even without the "Remember Me"
option checked. But I tried logging in now, and after logging me in, the next page I went to showed
me as "not logged in". I cleared the cache as I know this has been a problem before, and then tried
logging in again, but it still said I was not logged in! So I tried one more ....
I Need Help With Setting Up My Site, Made Using Java
any help would be appreciated (5) I just got web hosting approved and I want to host the site I created using Struts framework.
I'm a complete newb when it comes to web hosting, so I need a little help. Is there a tutorial
that covers this subject? I apologize in advance if this question was already answered, but
I've been unable to find the answer anywhere. One thing I have to note is that I need to know
absolute address of the uploaded files in order for my application to work. Is this even allowed?
Any help with hosting of Java applications will be appreciated.....
No Site Access
(4) It was working the day before yesterday and then it started giving me error messages about not being
able to access the site. I can't access cpanel either. Neither page ever loads. I don't
have this problem with any other internet pages, just my site stuff on Trap17. My site's at
www.jzambrano.trap17.com btw. This is one of the few times I'll need it up for sure so I'd
appreciate if the issue can get fixed in the near future. ....
Can't Access My Site An Cpanel
already did some sugested things (4) I still can't get to my website and cpanel, Tings I did: requested xisto to unblock my ip
cleaned my cache/cookies Did this with both IE and FF When I am @ my dads house he can acces my
website. So I guess it is still an ip problem. I did read some posts but couldn't find a
solution. Thx in advance,....
Can't Access My Site....weird Issue
(5) Okay, so last night everything worked fine. I loaded up cpanel, fixed issues with the site after the
database move, etc. Today I'm unable to load up the site. It just keeps giving me ping
timeouts. With what I'm being told by others it is only me having this issue with my site, and
yet there have been 0 changes to my pc between it working and not. I have tried multiple times
during the day with no luck. Along with this, if I load my website using a proxy service then I do
not have any issues. The only time it will not allow me to access it is if I am "using" my....
Reset My Site Pelase
read for more info (6) Can you just reset my cpanel / website FTP and all to how it was when I got it new please? Don't
change any passwords, just make it so it's like brand new again. thanks --why? because I have
some files in public_HTML that I am trying to delete even after I give it 777 it says permission
denied so please reset /smile.gif" style="vertical-align:middle" emoid=":)" border="0"
alt="smile.gif" />....
Site Help [resolved]
Showing good on one site but but here on trap17 (6) Okay here is the problem. My site www.echo-of-thunder.trap17.com is not showing any graphics,
Background header logo nothing. Uploaded them all. now here is the kicker to this. it all shows just
like it it is supposed to show up on my old host What am I doing wrong here.....
My Site Fails To Load
My site always times out, and fails to load (16) Hey all... Whe I try to access my site, it always times out, when I try to ping, it does the
same... DNS records are accessible, and I get all my emails for the domain (todorowww.net)... I am
hosted on Gamma server, and I can access it, and get that cPanel page... But, when I try my site, it
won't load... Is there some problem with the server or something? FTP doesn't work either...
This is the case for a few days now, at first I thought it was just a temporary error, but it
appears not to be... I have avout 20 credits left, so that shouldn't be the issue.......
I Bought A Domain Name Through Godaddy And I Need To Know How To Point It At My Trap17 Site Help Plz.
(2) I would like to point my .com at my forums on here but am unsure how to do it. BTW my site is
http://racuria.trap17.com/forums ....
Where Does That Noise Come From?
My Trap 17 web site beeps (6) I am posting this here rather than in the 'Web design' topic as it seems to be something
which happens exclusively to my Trap 17 web site. When i have my web site open, which you can find
here , every so often (quite regular actually) a short and high pitched beep is sounded. At first I
thought it had something to do with my sound card or my PC, but recently I discovered it only
happens when I have my site open. It does not matter which page of the site I have open, or whether
the page has multimedia embedded in it, I get it regardless of the page I am on. Has....
Site Down After Server Transfer
(3) Hello, I am wandering why my site is down after server transfer. I cannot access control panel
also. Few days ago I was able to ping the site however now I cannot do that either. My domain name
is: zedsi.com however my main traffic is comming from my blog: blog.zedsi.com Any suggestions why
it is still down would be appreciated. On the other hand I have checked on
www.xisto.com/network-status and gamma is online. Thanks in advance. Best Regards, Hitmanblood....
Site Back Online, But....
Works on anyone's machine but mine. (20) I got a reply from Xisto today that my site was up and running again. Yet, when I surf to it, it
will not load, also, my email client keeps telling me the POP3 server (the one related to my domain)
timed out. My Cpanel will not open neither. On my son's laptop (on the same network, hence same
IP address) the site loads immediately. Has anyone got any idea what the problem my end could be?
Thanks.....
Server Issues? Web Site Down? Cpanel Access?
Server Migration issues to report. (48) I tried downloading my email from website this morning and Thunderbird said it couldn't access
it the server. Then I tried loading my website - to no avail. Does anyone have any idea what's
going on? Is anyone else experiencing this? Seems like this is the second time this spring this has
happened. Is an upgrade going on, or something? Thanks in advance for your help! ....
Wordpress Backup For A Server Move
backing up a Wordpress site (2) i have question: how can we backup wordpress from fantastico...is it possible to backup and move
it to new host if you want?....
My Site Is Down... Again [resolved]
(4) My site and forum have been down for the last 4 hours. It appears to be the php scripts only that do
not work, as every other part of my site is working okay. But my site is a php powered CMS and
forum. This down time has actually been happening a lot. Its particularly frustrating when trying
to add content on the site(joomla), and the page times out and everything gets lost and I have to
start over again. It is hard to have a community when the site is never working. When is my site
going to come right? And why all the down time? I noticed that in server status the ....
Thinking About New Site, But...
How? (5) Alright, here's the deal: I'm thinking about creating a new site called
www.USACompanies.com (or at least the name I'm going with right now) to provide Americans with
info about how many employees of companies are Americans, what percentage of total employees of
companies are Americans, what the average salaries of workers are, what CEO's are paid, what
benefits companies give workers, etc. Basically an informational site allowing Americans to support
companies that are good for America. Anyway, here's the dilemma: I'm not sure whether to
set ....
Some Pages On My Site Won't Even Load..
(6) Ever since today, my site has been working just fine. I'm maintaining the amount of points I
need, and the server status has been and still is fine. However, a while ago I tried to access my
site and it wasn't loading. When I loaded the root URL, it worked fine though. I went to the
file manager and noticed that the file I was trying to previously access was .php, and the index
file at my root URL was .html. I deleted the index.html file and made a index.php file, then tried
loading it again. Safari gave me the following message: QUOTE Safari can’t ope....
How To Publish My Site Through Expression Web
i don't know how anyone could help me (4) i'm using expression web and i like to publish my site directly here problem is i don't know
how can anyone help me....
Strange Site Problems
(2) This morning i ran out of credits, but I immediately got them back up to 7. All day I've been
trying my site, and it keeps timing out, and on the odd occasion comes up with a MySQL error. I was
just able to login to my cpanel, and my space usage was 550mb. Yesterday is was approximately 256mb,
and i didnt upload anything. I had to delete files to get it back down to 470, but I cant find what
has made it so big. Now I get a MySQL error on my forum. What do I do?....
Site Down-up-down-up [resolved]
(12) Can someone please tell me why my site every once in a while can't connect...then 10 minutes
later it works...then another time it goes off again....then works then doesn't work then works
then Doesn't work!!! Does this all the time, it is working right now but didn't
a few minutes ago..I tried on both my computers, all browsers... It is really making me mad and
needs to be fixed so the sites are up all the time !....
My Site Wont Show Up
Help! (4) Hi, I'm new in this hosting service but I have an experience in handling a site. First off, my
problem is my site is not showing up. Even though I have the things settled. The only thing I did is
that I delete some numerous files in my FTP because I dont know how to delete my SMF forums because
when I want to give more scripts that are installed in Fantastico a try; so I delete some files and
folders there wishing that could help in deleting SMF. If I've deleted some files and folders,
then maybe that's the problem. But I'm not sure what to do right now....
Site Keeps Blacking Out/disappearing
(3) I dont know if this has happened to any other sites, but today, my addon-domain (adminhelpline.com)
has been timing out randomly, taking ages to load, etc. ive only been able to access it half the
day! I havent used anywhere near my limit of bandwidth, or file diskspace. I notice the
Trap17.com website loads fine, so I am a bit confused about this /blink.gif"
style="vertical-align:middle" emoid=":blink:" border="0" alt="blink.gif" /> Any ideas why this
keeps happening? Thanks /smile.gif" style="vertical-align:middle" emoid=":)" border="0"
alt="smile.gif" />....
Site Gone? [resolved]
Aeara learns the hard way again... (7) Hello Staff here's my situation: I haven't posted since tuesday and I believe I had 4 or 5
days left today. I had 0.23 Hosting Credits left, yet I posted a few times just today...to recieve
5.88 hosted days again however the following quote is what I recieved when I typed for my site url.
QUOTE The requested URL could not be retrieved
-------------------------------------------------------------------------------- While trying to
retrieve the URL: http://www.legendsofhyrule.trap17.com/zelda The following error was
encountered: Unable to determine IP....
I Cannot Access My Site. [resolved]
Am I blocked by Firewall? (13) Hi, is there a server problem? All of a sudden I cannot get through to
http://www.vlaanderen-flanders.org.uk anymore, nor can I FTP. Could someone check this out,
please?....
403 Forbidden Error When Accessing My Site
(11) umm this is a problem that i have been looking in other topics to try to fix but i can't seem to
find a answer to what i lookin for. I got my site workin again the other day ok and so i went on to
see it (so i can make more changes) and when i got there i got this QUOTE Forbidden You
don't have permission to access / on this server. Additionally, a 403 Forbidden error was
encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.33 Server at
www.clansga.trap17.com Port 80 now i looked at everything and i can't seem to find t....
Help With Cutenews
How Can I Put It On My Frontpage Site? (4) I installed CuteNews on my hosting account and I can't figure out how I can put the news on my
site. Can someone help? Thanks alot!....
Mysql Database Setup : Setting Up Mysql Database
Guide to use MySQL database in your site (6) A SMALL INTRODUCTION TO DATABASE ============================= I have seen that many members have
problems with Database. Here is a small INFO which should give you the IDEA. mySQL is a DATABASE
server. You can access it using the link in Cpanel. Cpanel can be accessed by
"www.YOUR-SITE.com/Cpanel" There you have 4 Main Options :- 1> CREATE A DATABASE 2> CREATE A USER
3> ADD USER TO DATABASE 4> PHPMYADMIN CREATE : IT ALLOWS YOU TO CREATE A DATABASE CREATE USER
: IT ALLOWS YOU TO CREATE A USER. USING THIS, YOU CAN ACCESS THE DATABASE. A DATABASE CANNOT BE....
Help!!
Help me on my site.... (8) Sorry, I may seem like a total geek, but where should I upload my index page, and what should it be
named, and are page names case-sensitive? Thank you very much.....
Looking for cutenews, alert, site, hacked
|
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for cutenews, alert, site, hacked
*MORE FROM TRAP17.COM*
|
advertisement
|
|
