:::

tad - XOOPS Security Issues | 2010-06-22 | Views: 17053

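Tad uploader version 1.1 has a vulnerability that lets anyone upload programs without any checks. Malicious actors exploit it to upload trojan programs.

You are therefore advised to update as soon as possible to version 1.2, which addresses this issue (or simply remove the module and stop using it...).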

Tad uploader version 1.2: http://www.tad0616.net/modules/tad_up ... mp;cfsn=355&cat_sn=23

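Problem files can be deleted directly through the tad_uploader module's interface; their actual path on disk is under /uploads/tad_uploader/.

If you are still uneasy after deleting them, those on Linux hosts can download the small program below (thanks to OLS3 for providing it) to help scan for anything that slipped through (it is also a good idea to clear out the cache directories while you are at it, since some malicious programs hide in them).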

http://www.tad0616.net/modules/tad_up ... amp;cfsn=356&cat_sn=0

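Extract it to any directory, run chmod +x scan_spy.sh to give the script execute permission, then type "./scan_spy.sh" to run the scan.

The program scans starting from the host's root directory and prints problem files directly to the screen (entries reporting permission denied or file not found are probably not malicious files).

Delete the files it lists (for example, file names such as help.php, info.php, xxx.phP...).

When the scan finishes it produces two log files, spy.log and f.lst. You can open them as well and check whether the links listed inside include any strange ones.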
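
A scan limited to the upload directory, as an added example (this is not OLS3's scan_spy.sh, whose contents are not shown on this page). It goes one step beyond the file-name check above by also flagging files whose content contains a PHP opening tag; it assumes GNU find and grep and that nothing under uploads should be PHP, and the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not OLS3's scan_spy.sh. Flags files in an upload tree that
# look like server-side scripts. Assumption: uploads should hold no PHP at all.

# scan_uploads DIR
#   Prints "<reason><TAB><path>" per hit, sorted. Reasons:
#     name     file name has a PHP-style extension (any letter case)
#     content  file body contains a PHP opening tag, whatever the name
scan_uploads() {
    local dir=$1
    [ -d "$dir" ] || { echo "scan_uploads: not a directory: $dir" >&2; return 2; }
    {
        # -iname ignores case, so "xxx.phP" is caught; '*.php.*' catches a
        # PHP extension buried in the middle of a name.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) \
            -exec printf 'name\t%s\n' {} \;
        # -a reads binary files as text, -i also matches "<?PHP".
        grep -rlaiF -e '<?php' "$dir" |
            while IFS= read -r f; do printf 'content\t%s\n' "$f"; done
    } 2>/dev/null | sort   # unreadable-file errors are noise here
}

# make_sample_tree: builds a small constructed upload tree, prints its path.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tad_uploader"
    printf 'meeting notes\n' > "$d/tad_uploader/report.txt"
    printf '<?php /* constructed sample */ ?>\n' > "$d/tad_uploader/xxx.phP"
    printf 'GIF89a <?php /* constructed sample */ ?>\n' > "$d/tad_uploader/logo.gif"
    printf '%s\n' "$d"
}

# Stand-alone use: ./find_upload_scripts.sh /path/to/xoops/uploads
if [ "$#" -gt 0 ]; then
    scan_uploads "$1"
fi
```

Review each hit before deleting it; a "content" hit on a file with an image or document extension deserves the same attention as a "name" hit.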

In addition, you can download the file below and extract the .htaccess into uploads; once it is in place, sensitive files in uploads can no longer be executed.

http://www.tad0616.net/modules/tad_up ... amp;cfsn=357&cat_sn=0

Finally, if you are able to change the database password, it is advisable to do so, to be safe.


:::
