AW: AW: ANN: GLX2 3.05

J. Landman Gay jacque at hyperactivesw.com
Fri Jun 15 00:05:32 EDT 2012


Thanks Andre, that helps. I think I'm safe.

I'll keep the filetype function around for the future though. That's a 
nice thing to know about.


On 6/14/12 10:46 PM, Andre Garzia wrote:
> Jacque,
>
> This usually happens once one of two things happens:
>
> 1 - you have a compromissed FTP account. Maybe one collaborator lost your
> FTP account or an infected machine is harvesting them from your HD (more
> common on windows). Something caused the FTP account to be compromissed,
> after that the hacker uploads a single PHP script and calls this script
> with CURL or something similar, this causes the script to execute on the
> server. This script is usually a bootstrap script that will download more
> nastiness and infect other files.
>
> 2 - an exploit on some software you're using on the server side. This
> mostly happens when using stuff you didn't built such as Wordpress or
> others popular CMS. Wordpress is a big target for hackers because it is the
> most popular CMS out there.
>
> Be aware that if you're LiveCodeServer application has an upload feature
> such as "upload your photo" form that works by saving the uploaded file
> somewhere and then sending it to the browser when needed, for example by
> using something similar to:
>
> <img src="photos/<?rev put photoFilePath ?>" />
>
> Where you simply send an image with its source pointing to the uploaded
> file. This is a major risk because if the hacker uploads a PHP file instead
> of a nice mug shot. The PHP file will be executed when the browser request
> that image.
>
> If you're accepting files on forms, always check the file with a command
> like:
>
> function filetype pFile
>    return shell("file --mime"&&  pFile)
> end filetype
>
> This function will return the MIME type for a given file on Mac OS X or
> Linux (any Unix I think...).
>
>
>
>
>
> On Fri, Jun 15, 2012 at 12:29 AM, J. Landman Gay
> <jacque at hyperactivesw.com>wrote:
>
>> On 6/14/12 8:58 PM, stephen barncard wrote:
>>
>>> these guys would pack a string of URLEncoded PHP code with no white space
>>> into a global, then decode and call it. It was usually placed at the
>>> bottom
>>> of one's document.
>>>
>>
>> It's still not clear to me how they did this.
>>
>> The security snafu was a year ago and the hacker didn't get any passwords,
>> only a few user names. Unless anyone's password is "12345" I kind of doubt
>> this recent incident is related, and it was a long time ago anyway.
>>
>> Is there a likely explanation how they got in this time? Something we
>> should watch out for?
>>
>>
>> --
>> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
>> HyperActive Software           |     http://www.hyperactivesw.com
>>
>> ______________________________**_________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/**mailman/listinfo/use-livecode<http://lists.runrev.com/mailman/listinfo/use-livecode>
>>
>
>
>


-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com




More information about the Use-livecode mailing list