Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
IOS Hotels
and
IOS Rentals
online booking systems for Elxis CMS.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Getting Elxis site down by collation
« previous
next »
Print
Pages: [
1
]
Author
Topic: Getting Elxis site down by collation (Read 7019 times)
Ivan Trebješanin
Elxis Team
Hero Member
Posts: 1663
Getting Elxis site down by collation
«
on:
December 15, 2007, 04:21:55 »
Here's the new way of breaking down Elxis site: just change DB collation. This is what happened to one of my clients. Someone have hacked and changed DB collation to latin_swedish_ci. It took me 2 minutes to find out what happened and get the site online again, but I thought it would be good to share this with you guys. I added two new filters: COLLATE and COLLATION, and hope it will be enough to stop such attacks.
You may also add this to .htaccess:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC]
RewriteCond %{REQUEST_URI} !^/path-to-your-custom-403-error-page\.html$
RewriteRule .* - [F]
or this:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC]
RewriteRule .* - [F]
«
Last Edit: December 15, 2007, 04:53:20 by Ivan Trebješanin
»
Logged
I've got a snap in my finger...
Got rhythm in my walk...
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Getting Elxis site down by collation
«
Reply #1 on:
December 15, 2007, 08:45:57 »
How he changed DB collation? This has nothing to do with Elxis. I don't understand.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Ivan Trebješanin
Elxis Team
Hero Member
Posts: 1663
Re: Getting Elxis site down by collation
«
Reply #2 on:
December 15, 2007, 12:16:11 »
Me neither... Yesterday Elxis Defender sent me lots of messages about attacks, using ADODB (filtered). I believe this guy is not some kid, as he have put 3 phishing sites few weeks ago on this server. If he had acces to CPanel, I believe he would take advantage and install few banking sites again. But I don't know how could change collation from frontend??? He was using libwww-perl user agent. Maybe he hacked around the CPanel, even it seems imposible.
«
Last Edit: December 15, 2007, 13:12:27 by Ivan Trebješanin
»
Logged
I've got a snap in my finger...
Got rhythm in my walk...
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Getting Elxis site down by collation