viewnews.cgi security issues

Is Coranto not working properly for you? Here's where to ask for support help; for best results, follow these steps:
  • - Check your core/addon documentation for possible solutions
  • - Search these forums for similar problems that have already been solved
  • - If you're still stumped, check out THIS TOPIC, and post your question in this forum!!

Moderators: Spunkmeyer, Dale Ray, SrNupsen, Bluetooth, Jackanape

viewnews.cgi security issues

Postby web » Mon Jun 18, 2007 2:48 pm

Hi

some times ago my web-site was hacked. They have deleted everything there.

so i decided to scan my server on vulnerabilities with XSpider 7.0

it show me that the most vulnerable place is viewnews.cgi script, as it can be used for, if i remember correctly, remote scripts activation. as it show me a high risk, I've deleted it. I'm not sure it was the place where hackers reached my server from, but even..
Thats about security

Now I'm without any possibilities to generate print and other version for news, that is extremely important for me.

What can you suggest me at this situation?

*sorry if i posted it in wrong thread. I don't know where to post it else
User avatar
web
 
Posts: 176
Joined: Sun Nov 30, 2003 3:39 pm

Postby Jackanape » Mon Jun 18, 2007 5:58 pm

A quick search of the forums produces THIS:

http://coranto.org/forum/viewtopic.php?p=64651

This should give you a good starting point.

Security begins by not letting someone knows there's something to be seen. Like blinds on a window, placing your files in hidden or renamed folders is an effective first step, and usually good enough.
A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly.
Specialization is for insects.
-Robert A. Heinlein
User avatar
Jackanape
 
Posts: 632
Joined: Tue Jan 09, 2007 12:15 am
Location: Capitol of the Great State of New York

Postby web » Tue Jun 19, 2007 6:25 am

thanks for reply.

I,ve read that thread.
think, it couldn't help. if you can transfer nsettings.cgi, newsdat.txt and some other files, you can't transfer to unreachable from http folder viewnews.cgi as it is operational script and needs to be accessible from http

And the risk factor is viewnews.cgi as it was shown me by scan.

that script could be seen inn address bar when clicking any links for print version.
User avatar
web
 
Posts: 176
Joined: Sun Nov 30, 2003 3:39 pm

Postby Jackanape » Tue Jun 19, 2007 12:40 pm

web wrote:that script could be seen inn address bar when clicking any links for print version.


That's definitely the main problem, then. If it could remain hidden, the issue would be rendered moot. I'll hand this over to someone else now, who may have an idea as to how to address this.

Also, I will link to this topic in the 2.0 Dev forum.
A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly.
Specialization is for insects.
-Robert A. Heinlein
User avatar
Jackanape
 
Posts: 632
Joined: Tue Jan 09, 2007 12:15 am
Location: Capitol of the Great State of New York

Postby web » Thu Jun 21, 2007 5:54 am

ok.
User avatar
web
 
Posts: 176
Joined: Sun Nov 30, 2003 3:39 pm

Postby Lumberjack » Wed Jul 25, 2007 5:47 pm

Maybe you can hide the real address of viewnews.cgi using parahead's queryfetcher addon.. although as commands could be passed to that too, I'm not sure it would help you. But, it might, so check it out.
Lumberjack
 
Posts: 555
Joined: Wed Jan 10, 2007 7:22 pm
Location: Oxford, UK

Re: viewnews.cgi security issues

Postby Parahead » Wed Aug 01, 2007 5:54 pm

web wrote:it show me that the most vulnerable place is viewnews.cgi script, as it can be used for, if i remember correctly, remote scripts activation.
Do you have several CGI-scripts and it just pointed out viewnews.cgi or did it point out *any* file with the cgi as extension as a possible security hole? It would be good to know if you got a more detailed information regarding why it pointed out viewnews.cgi if it was the first...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden


Return to Troubleshooting

Who is online

Users browsing this forum: No registered users and 2 guests

cron