Elxis CMS Forum

Support => Security => Topic started by: benone on December 14, 2009, 20:23:06

Title: Strange visitors
Post by: benone on December 14, 2009, 20:23:06

Hi people.

I noticed some strange ip's on my site these days after which I began to receive php error warnings. When I checked to see the folder in questions, I found folders in it which I never created. The original version "2009.0_Pandora" has no such folder either. I checked the latest backup and still nada. So I conclude that something has tampered with my files and folders. 

To cut a long story short, I'll be happy if someone could kindly tell me which directories I can password protect on the server.

The last IP I found visiting is 216.129.119.41. How do you determine if you are being attacked? (I don't hack anyone so I don't know)

I will also like to know where exactly Elxis stores the autonomous pages/files that I created so that I can modify them outside Elxis.

Thank you in advance.

Title: Re: Strange visitors
Post by: CREATIVE Options on December 14, 2009, 20:33:04

Your latest visitor is Cuil a new search engine.

more info:http://www.cuil.com/info/webmaster_info/ (http://www.cuil.com/info/webmaster_info/)

Title: Re: Strange visitors
Post by: datahell on December 14, 2009, 20:36:51

Which directories were created? Did they had anything in them or they were empty?
You don't need to password-protect any directory.
- Set the proper permissions for files/folders. You site's www folder should not be writeable.
- Make sure your php set up is secure (allow url fopen is disabled, register globals are disabled, exec, popen, system, ..., are disabled).
- Enable the Elxis Defender.

Title: Re: Strange visitors
Post by: benone on December 14, 2009, 22:03:46

yes, I saw cuil and i verified that was a new search engine. the other one was yandex.ru. In any case the folder that changed is "cache".

below is the error I get when I hit the "clear cache" tab under tools:

I have added M to index_.php

URI: indexM.php?option=com_admin&task=tools&tname=clean_cache
Path: /includes/Core/filemanager.class.php
Line: 928
rmdir(/home/www/mysite.com/cache/static/content/blogcategory/) [function.rmdir]: Directory not empty 

URI: indexM.php?option=com_admin&task=tools&tname=clean_cache
Path: /includes/Core/filemanager.class.php
Line: 928
rmdir(/home/www/mysite.com/cache/static/content/) [function.rmdir]: Directory not empty

URI: indexM.php?option=com_admin&task=tools&tname=clean_cache
Path: /includes/Core/filemanager.class.php
Line: 928
rmdir(/home/www/mysite.com/cache/static/) [function.rmdir]: Directory not empty

Where exactly does Elxis store the autonomous pages whenever I create one?

Security test under updiag tells me everything is ok though. Thanks Datahell.

Title: Re: Strange visitors
Post by: datahell on December 14, 2009, 22:16:44

Update to Elxis 2009.1 Hecate, especially if you use static cache.

Elxis creates folders and files inside the "cache/static/" directory, this is normal.
On Elxis 2009.0 static cache will create some folders that should not have been created due to "strange" requests. This is not a security threat but these folders should not have been created. After you update to 2009.1 this problem will be fixed.

Elxis stores everything in the database, so autonomous pages are stored in the database (table elx_content).

Title: Re: Strange visitors
Post by: benone on December 15, 2009, 01:16:08

 ;D Ok. I'll update , i.e if I don't break everything up by my own hands! A thousand thanks for the information.