Serendipity Forums

User and developer community
https://board.s9y.org/

Someone trying to hack my blog?

https://board.s9y.org/viewtopic.php?t=17248

Page 1 of 1

Someone trying to hack my blog?

Posted: Thu Dec 23, 2010 10:43 am
by jwdonal
I'm getting a lot of errors in my apache log file (from multiple IP addresses too) that look like this:

Code: Select all

[Thu Dec 23 09:01:40 2010] [error] [client 41.100.226.203] PHP Warning:  mkdir(): Permission denied in [path]/xupv2p/htmlarea/plugins/ImageManager/Classes/Files.php on line 82, referer: https://rm-rfroot.net/xupv2p/htmlarea/plugins/ExtendedFileManager/backend.php?__plugin=ExtendedFileManager&&
[Thu Dec 23 09:01:40 2010] [error] [client 41.100.226.203] PHP Warning:  chmod(): No such file or directory in [path]/xupv2p/htmlarea/plugins/ImageManager/Classes/Files.php on line 83, referer: https://rm-rfroot.net/xupv2p/htmlarea/plugins/ExtendedFileManager/backend.php?__plugin=ExtendedFileManager&&
[Thu Dec 23 09:01:40 2010] [error] [client 41.100.226.203] PHP Warning:  mkdir(): Permission denied in [path]/xupv2p/htmlarea/plugins/ImageManager/Classes/Files.php on line 82, referer: https://rm-rfroot.net/xupv2p/htmlarea/plugins/ExtendedFileManager/backend.php?__plugin=ExtendedFileManager&&
[Thu Dec 23 09:01:40 2010] [error] [client 41.100.226.203] PHP Warning:  chmod(): No such file or directory in [path]/xupv2p/htmlarea/plugins/ImageManager/Classes/Files.php on line 83, referer: https://rm-rfroot.net/xupv2p/htmlarea/plugins/ExtendedFileManager/backend.php?__plugin=ExtendedFileManager&&
[Thu Dec 23 09:01:40 2010] [error] [client 41.100.226.203] PHP Warning:  imagejpeg(): Unable to open 'demo_images/t/t_bikerpeep.jpg' for writing: No such file or directory in [path]/xupv2p/htmlarea/plugins/ImageManager/Classes/GD.php on line 550, referer: https://rm-rfroot.net/xupv2p/htmlarea/plugins/ExtendedFileManager/backend.php?__plugin=ExtendedFileManager&&
Is this something that I should worry about? Is there a way that I could better prevent this attack in the future? Is there a way that I can prevent outside users from even attempting to use those above files?

These just started showing up today and I have made no changes to my server in quite a while. I don't think this is normal activity. Would love some insight. I pulled my site down temporarily just in case...

Thanks!

Re: Someone trying to hack my blog?

Posted: Thu Dec 23, 2010 10:47 am
by Timbalu
It looks like you should do an upgrade soon...

Serendipity 1.5.5 has been released to address a serious security issue.
Please read
http://blog.s9y.org/archives/224-Import ... eased.html

Ian

Re: Someone trying to hack my blog?

Posted: Thu Dec 23, 2010 10:51 am
by jwdonal
YIKES!! You're totally right!! All the things those guys are talking about in your link match what I'm seeing on my server log. :-o

UPDATE: Okay, I'm all upgraded. Jeez, that was kinda scary. It doesn't look like I was infected. Is there a way that I could have known about this earlier than 2 days after the 0-day exploit? Like, is there a way to sign up for notifications (if s9y even has anything like that?). Thanks for the quick heads up Timbalu!

Re: Someone trying to hack my blog?

Posted: Thu Dec 23, 2010 2:48 pm
by onli
The blog covered the last security-issues. You maybe want to add it to your feedreader.
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited