Gossamer Forum
Home : Products : Gossamer Links : Discussions :

Gossamer Links security issue?

Quote Reply
Gossamer Links security issue?
Hi,

A phisher just hacked the Gossamer links static page directory and I was wondering if there are any known security issues with version 3.2?

I got this uploaded:

directory/static/www.stgeorge.com.au/InternetBanking/welcome.jsp/


Any suggestions?
Thanks,

K
Quote Reply
Re: [kajukenbokid] Gossamer Links security issue? In reply to
Hi,

Sounds more like your host, rather than GLinks. I would definatly recommend changing the user/password, and if you possibly can - do a full re-install of your server (in case they have left any "back-doors".

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Gossamer Links security issue? In reply to
Hi,

"I would definatly recommend changing the user/password"

What user/password are you referring too? Are you talking about the GLinks admin section? If so, isn't that set using the server's htaccess?

Thanks for the speedy response.

K
Quote Reply
Re: [kajukenbokid] Gossamer Links security issue? In reply to
kajukenbokid wrote:
Hi,

"I would definatly recommend changing the user/password"

What user/password are you referring too? Are you talking about the GLinks admin section? If so, isn't that set using the server's htaccess?

Thanks for the speedy response.

K
Hi,

Well, yes - change your GLinks admin details , but I'm more saying change your FTP username/password .. in case thats how they got into your site (it really depends on how good your server security is - and how the hacker got in)

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Gossamer Links security issue? In reply to

Quote:
GLinks admin details

Sorry, it has been years - is that done in the Glinks admin panel?

BTW: is the latest version 3.2?

Thanks.

Quote Reply
Re: [kajukenbokid] Gossamer Links security issue? In reply to
Hi,

It not that simple really - you need to do it in SSH really.

Code:
cd /path/to/cgi-bin/admin
pico .htpasswd

(delete the contents)

Press "Ctrl + X" and then type "y" + enter

Then,type:

Quote:
htpasswd .htpasswd YOUR_USER

..press enter.

Then, it will ask for a password (and again, to confirm it)

Hope that helps.

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Gossamer Links security issue? In reply to
Ah,

I was able to do that with CPANEL.

Thanks,

K
Quote Reply
Re: [kajukenbokid] Gossamer Links security issue? In reply to
No, there aren't any known security issues with glinks 3.2 (which by, is the current release).

Do you have anything else installed on your server?

I would do as Andy suggested and make sure you change your passwords, but if possible, the best would be to make a backup of the current state of your server (for analysis) and to restore from a previous backup before getting hacked. Then would come the process of figuring out how they got in and to patch the problem.

Adrian