Blog Documentation Try Vanilla Cloud
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

site hacked by deleting database.php

davatron5000davatron5000
edited August 2007 in Vanilla 1.0 Help
my site got hacked this evening by way of deleting the database.php file. sounds a lot like the forum hacked by deleting settings.php thread. can anyone think of where i would have gotten that exploit??

Comments

  • Options
    MinisweeperMinisweeper New
    Is vanilla the only software running on your site? What extensions are you using?
  • Options
    davatron5000davatron5000
    i'm using movabletype on the server as well. and that has a 500 error. but that's kind of par for the course for that. it's had troubles all along.

    i have quite a few extensions running:
    Announcement 1.2
    Attachments 2.1
    Better BB Code 1.0
    Crude RSS 1.0.4
    Discussion View Count 1.2.1
    Flickrizer 0.3
    Google Analytics 1.2
    Hidden Text 1.4
    HTML Formatter 2.3
    Inline Images 1.3
    Latest Posts Integ. 1.1
    Mark All Read 1.0.1
    Members Page 1.2.1
    New Applicants 1.3
    Next Unread 1.0
    Nuggets 1.1.4
    Poll 1.3
    Preview Post 2.5.1
    Quotations 1.6 (?)
    Vanillazilla 1.0.1
    Who's Online 1.2
    Yellow Fade 0.1

    so there's that. now it appears my settings.php isn't writable (644) by vanilla. the "do you want addons" message is still lingering. what are safe permissions for database.php and settings.php? 755?
  • Options
    DinoboffDinoboff
    6 is for write and read, so to be writable you need to set the files permission to 600, 660 or 666, it depends of the server configuration. If you set the permission on the folder globally, you need 700, 770 or 777.
  • Options
    VazVaz New
    edited August 2007
    My forums occassionally play up when lines go vanishing in settings.php. However, I'm not sure if this is a hack attempt or just code playing up.

    edit - (it was code playing up) - found the solution to my problem.
  • Options
    ithcyithcy New
    the "forum hacked by way of settings.php" was not a hack at all. if you read the thread you'll see that it was a bug in one of the extensions that caused the problem.

    if you're certain that you were actually hacked because of a vulnerability in vanilla, that's one thing. but otherwise, please don't alarm the community.
  • Options
    ithcyithcy New
    er, what Vaz said
  • Options
    MinisweeperMinisweeper New
    So what actual effect did the 'hacking' have? I'm also quite curious what issues you've had with MT - it seems unlikely it will have been 'hacked' through this file but maybe there is a similar bug to the settings one which we havent come across yet..
  • Options
    davatron5000davatron5000
    i'm getting 500 errors on MovableType because comment spam is overloading my cgi scripts. my error log freaks out and says "Out of Memory!"

    i mean you guys can say it wasn't a 'hack', and that's fine. but all day my forum was fine and then after dinner it went kaputz. the only thing database.php related is that someone might have tried to upload a file or something with Attachments (?).
This discussion has been closed.