Re: Re: ANN: GLX2 3.05
J. Landman Gay
jacque at hyperactivesw.com
Thu Jun 14 23:05:32 CDT 2012
Thanks Andre, that helps. I think I'm safe.
I'll keep the filetype function around for the future though. That's a
nice thing to know about.
On 6/14/12 10:46 PM, Andre Garzia wrote:
> This usually happens once one of two things happens:
> 1 - you have a compromised FTP account. Maybe one collaborator lost your
> FTP account or an infected machine is harvesting them from your HD (more
> common on Windows). Something caused the FTP account to be compromised;
> after that the hacker uploads a single PHP script and calls this script
> with CURL or something similar, which causes the script to execute on the
> server. This script is usually a bootstrap script that will download more
> nastiness and infect other files.
> 2 - an exploit in some software you're using on the server side. This
> mostly happens when using stuff you didn't build, such as Wordpress or
> other popular CMSes. Wordpress is a big target for hackers because it is the
> most popular CMS out there.
> Be aware that if your LiveCode Server application has an upload feature
> such as an "upload your photo" form that works by saving the uploaded file
> somewhere and then sending it to the browser when needed, for example by
> using something similar to:
> <img src="photos/<?rev put photoFilePath ?>" />
> where you simply send an image with its source pointing to the uploaded
> file, this is a major risk: if the hacker uploads a PHP file instead
> of a nice mug shot, the PHP file will be executed when the browser requests
> that image.
> If you're accepting files on forms, always check the file with a command
> function filetype pFile
>    -- quote the path so spaces or shell metacharacters in an
>    -- attacker-chosen filename are not interpreted by the shell
>    return shell("file --mime" && quote & pFile & quote)
> end filetype
> This function will return the MIME type for a given file on Mac OS X or
> Linux (any Unix I think...).
> On Fri, Jun 15, 2012 at 12:29 AM, J. Landman Gay
> <jacque at hyperactivesw.com> wrote:
>> On 6/14/12 8:58 PM, stephen barncard wrote:
>>> these guys would pack a string of URLEncoded PHP code with no white space
>>> into a global, then decode and call it. It was usually placed at the
>>> of one's document.
>> It's still not clear to me how they did this.
>> The security snafu was a year ago and the hacker didn't get any passwords,
>> only a few user names. Unless anyone's password is "12345" I kind of doubt
>> this recent incident is related, and it was a long time ago anyway.
>> Is there a likely explanation how they got in this time? Something we
>> should watch out for?
>> Jacqueline Landman Gay | jacque at hyperactivesw.com
>> HyperActive Software | http://www.hyperactivesw.com
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
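The upload check Andre describes (validate what the file actually is, never what its name claims), worked through as an added example that is not part of this thread and not LiveCode Server code. The function names and the sample byte strings below are constructed for illustration; it sniffs the magic bytes in pure Python, optionally asks the `file` utility the thread mentions, and also catches the "polyglot" case where a real image header is followed by embedded script text.

```python
"""Content-based validation of an uploaded "photo" (added example; sample data is constructed)."""
import os
import shutil
import subprocess
from typing import Optional, Tuple

# Magic numbers for the image types this hypothetical upload form accepts.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
# Extension whitelist, mapped to the MIME type the content must actually have.
ALLOWED_EXTENSIONS = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
}


def sniff_mime(data: bytes) -> str:
    """Return the MIME type implied by the leading bytes, or application/octet-stream."""
    for magic, mime in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def looks_like_script(data: bytes) -> bool:
    """Cheap scan for server-side script markers anywhere in the body."""
    lowered = data.lower()
    return b"<?php" in lowered or b"<?rev" in lowered or b"<script" in lowered


def is_acceptable_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when extension, magic bytes and body content all agree it is an image."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed: " + ext
    sniffed = sniff_mime(data)
    if sniffed != ALLOWED_EXTENSIONS[ext]:
        return False, "content is " + sniffed + ", name claims " + ALLOWED_EXTENSIONS[ext]
    if looks_like_script(data):
        return False, "script marker found inside image body"
    return True, sniffed


def file_command_mime(path: str) -> Optional[str]:
    """Ask the `file` utility, as the thread suggests. The argument-list form means the
    filename is never interpolated into a shell string, so quoting is not an issue."""
    if shutil.which("file") is None:
        return None  # utility not installed; caller falls back to sniff_mime
    result = subprocess.run(["file", "--mime-type", "-b", path],
                            capture_output=True, text=True, check=False)
    return result.stdout.strip() or None


# Constructed sample uploads (not real files from the thread).
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # minimal PNG header
DISGUISED_PHP = b"<?php echo 'hello'; ?>"                # script renamed to .jpg
POLYGLOT = b"\xff\xd8\xff" + b"<?php echo 'hello'; ?>"  # JPEG header, script body


if __name__ == "__main__":
    for name, body in [("avatar.png", GOOD_PNG), ("avatar.jpg", DISGUISED_PHP),
                       ("avatar.jpg", POLYGLOT), ("shell.php", GOOD_PNG)]:
        print(name, is_acceptable_upload(name, body))
```

The polyglot case is why checking the first few bytes (which is also all `file --mime` looks at) is necessary but not sufficient: a valid JPEG header followed by script text still passes a magic-number test. The other half of the mitigation is the serving side of the `<img src="photos/...">` pattern the thread describes: store uploads outside the document root, or configure the web server so nothing in the upload directory is ever handed to a script interpreter, and send files back with an explicit image Content-Type.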