gaurav
05-07-2004, 04:30 PM
Hey,
If you or your clients are hosting "livehelp" scripts on the server, be aware that your server security can be compromised and the hacker can take the root lever control.
Check that out!!
retri
05-07-2004, 04:33 PM
I hate it when people take my root lever.
Do you happen to have any specific details? This is a bit vague.
gaurav
05-07-2004, 05:22 PM
The PHP scripts of livehelp let the hackers upload and place their files in the /tmp folder of your server and then execute them from there. We were lucky that we found these scripts in advance of an attack.
I hope this information helps :)
LoganNZ
05-07-2004, 05:31 PM
We have mod_security in place, and stop scripts from using /tmp.
Would this stop the security hole?
Lem0nHead
05-07-2004, 05:33 PM
http://www.craftysyntax.com/livehelp/security.htm
phpdeveloper
05-07-2004, 05:53 PM
It's hard to gain root by uploading files to /tmp, unless your server is totally unpatched and is vulnerable to all the latest root exploits. The most they can do in this case is upload files and run something as the nobody user, or as any account's user if you run phpsuexec. This is a known security issue and many scripts have this problem, for example PHPNuke. So, secure your /tmp partition, disallow access to download programs (lynx, wget, GET) and compile programs (gcc, g++, etc.), have a firewall installed to prevent them from running any daemons, run PHP in safe mode, install the mod_security module, and you'll be much safer than with the default Linux install.
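The "secure your /tmp partition" step above usually means mounting /tmp with noexec, nosuid and nodev so a file dropped there by a web script cannot simply be executed. The following is an added example, not code from this thread or from any live help project: a small POSIX sh audit function that reads mount lines in /proc/mounts format and reports which of those options /tmp is missing. The sample mount lines are constructed, not taken from a real server. One caveat a practitioner should keep in mind: noexec stops a direct `/tmp/x` execution, but an interpreter invoked as `perl /tmp/x.pl` or `php /tmp/x.php` still runs the file, which is why the post also restricts the download and compile tools rather than relying on the mount option alone.

```shell
# Added example (not from the thread): audit whether /tmp is mounted with the
# noexec,nosuid,nodev options that block the "upload to /tmp, then run it" trick.
# check_tmp_mount reads lines in /proc/mounts format from stdin and prints
#   hardened              all three options present
#   missing:<opts>        comma-separated list of absent options
#   not-a-mount           no separate /tmp mount at all (exit status 1)
# On a live box:  check_tmp_mount < /proc/mounts

check_tmp_mount() {
    while read -r _dev mnt _fstype opts _rest; do
        [ "$mnt" = "/tmp" ] || continue
        missing=""
        for want in noexec nosuid nodev; do
            case ",$opts," in
                *",$want,"*) ;;                        # option present
                *) missing="$missing,$want" ;;         # option absent
            esac
        done
        if [ -z "$missing" ]; then
            echo "hardened"
        else
            echo "missing:${missing#,}"
        fi
        return 0
    done
    # No separate /tmp mount: uploads land on the root filesystem, which is
    # almost never mounted noexec, so report it as a finding.
    echo "not-a-mount"
    return 1
}

# Constructed sample input (not captured from a real server) showing both outcomes.
SAMPLE_HARDENED='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_WEAK='/dev/sda3 /tmp ext3 rw,relatime 0 0'

# An /etc/fstab entry that produces the hardened result at boot, or right away with
#   mount -o remount,noexec,nosuid,nodev /tmp
#
#   tmpfs  /tmp  tmpfs  noexec,nosuid,nodev,size=512m  0  0

printf '%s\n' "$SAMPLE_HARDENED" | check_tmp_mount    # hardened
printf '%s\n' "$SAMPLE_WEAK" | check_tmp_mount        # missing:noexec,nosuid,nodev
```

The function reads /proc/mounts rather than /etc/fstab on purpose: fstab shows what was intended, /proc/mounts shows what is actually in effect, and a remount by an admin or a rescue boot can leave the two out of sync.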
UberTec
05-07-2004, 06:32 PM
I am sure this does not happen with all live help scripts. It may only be CS. There have been about 20,000 downloads of Help Center Live so far and I've had no complaints about this sort of problem.
gaurav
05-07-2004, 06:41 PM
Does this confirm that if 20K copies are downloaded, the script is safe to use? Remember, Matt's FormMail's old version is still used by spammers to send SPAM even today.
Watch out: hackers are still searching for LiveHelp version(s) below 2.7.1 to exploit :)
UberTec
05-07-2004, 06:44 PM
They may not be safe to use, but I'm sure if someone had their server hacked because of it they would not be very happy and would send me an email.
The point I am trying to make is that the post sounds like it is about all live help applications, but it appears to be only CS Live.