1 sweda Sep 22, 2009 08:19
3 sweda Sep 22, 2009 10:42
That's interesting, the file appears to have gone. I deleted it manually before upgrading to 3.3.1 (the hit in the log I was looking at must have been left over from the previous installation). So problem solved for now. The installation with the issue was 2.4.5 installed via Fantasico De Luxe.
If you look [url=http://www.google.co.uk/search?hl=en&q=%22media%2Fblogs%2Fphotos%2Fbase.php%22&btnG=Search&meta=]here, it's a Google search for "media/blogs/photos/base.php"[/url] your see a link to our website titled Buy Cheap Calan (Calan Sr) Online, this link would appear for a variety of pharmaceutical terms and the base.php file to pass them on to a website (clicking on it now just gives file not found as the base.php file is gone). The website that the link transfered you to isn't in my Internet Explorer history so I can't point people to the offending site.
I don't know whether the installation was hacked, which would be worrying, or whether there was something dodgy in the original installation but there might be something new out there! Searching for "media/blogs/photos/base.php" only gives links to our site, so it's not widespred but then I suppose that a dodgy base.php file could be placed in any folder.
I'll keep an eye out in the future and post the file if it reappears (I didn't keep a copy)
4 sweda Sep 22, 2009 11:03
I found a html file in the internet Explorer cache titled base.php?health_good=1&category=2484 (there was another with category=825). It was a copy of our index page with the following inserted into the header, so we may have been hacked, or the base.php file may have been running something as it was requested by search engines.
<iframe border=0 style="border:none" width="100%" height="100%" src="/b2_blog/media/blogs/photos/base.php?vprx=1&
prx=nUE0pQbiY3OupzZhq3ZipUNipUWiMUIwqS9cozMiYaObpQ9jpz9xqJA0CJS0nKMuot%3D%3D&
nd=Y2VlK2Wfo2pioJIxnJRiLzkiM3ZipTuiqT9mY2Wup2HhpTujC3Mjpat9ZFMjpat9oyISZUOELzyMZx1fGHcWZ01XI21jISA3GHL1rT52BJ1AFyA
fGQW0nUOHqJcQZ1V5GRgSL3S6H2uKrwNjD0qFraO6EQyZEx1goyRjrIbjEJclLH9wDHcenScWDHuUF3yeJwABWGAR"></iframe>
<html><head>
<title>Ativan (Lorazepam) For Back Pain - Trusted Pills Catalog</title><base href="http://swedauk.org/" /><meta name="description" content="ativan for back pain, generic ativan (Lorazepam), buy ativan in the uk, buy medication ativan (Lorazepam), ativan ups">
5 yabba Sep 22, 2009 11:17
The fact that base.php existed in the first place suggests that you were hacked ;)
¥
6 edb Sep 23, 2009 00:38
Shared hosting without suphp and with media folder (any folder actually) CHMOD'd to 777 is the probable root cause of this type of hack. Another user on your server has permission to access 777 folders is how.
Ask your host if they have suphp and if not tell them to get it or you'll have to move. Then you won't need 777 anymore.
7 sweda Sep 23, 2009 08:36
Thanks, if I change the access permissions for the media folder to 755 will that solve the problem or will that cripple b2evolution? Are there any requirements for b2evolution folder permissions? I'm not worried about uploadable media.
8 yabba Sep 23, 2009 18:48
On non-suphp servers : /media/ and all it's brethren need to be open to raping by the worlds iq challenged population ... commonly known as skiddies ... or 0777
I wouldn't pay for hosting on a server that required that ;)
¥
9 edb Sep 23, 2009 20:21
sweda wrote:
Thanks, if I change the access permissions for the media folder to 755 will that solve the problem or will that cripple b2evolution? Are there any requirements for b2evolution folder permissions? I'm not worried about uploadable media.
No. The problem is somebody already got in. You have to purge all the crap first, then close the door. Going with 755 *should* work after the malicious badness is gone.
The only thing b2evo needs 777 is your /media/ and /media/blogs/ and /media/users/ folders. If you don't care about uploading images and stuff through the admin interface then doing 755 won't matter at all.
Still, your host is living in the past. Inexpensive hosts can and do provide quality hosting, and no suphp is like saying you can only have .html files. Just.Plain.Wrong.
There is no base.php in a default b2evo install. Can you post the contents of that file?
¥