Friday, August 19, 2005

postNuke got Nuked

Got a fright when I found that my project site on sourceforge was down. Some cryptic message about Smarty.class.php not able to write to a directory. I checked the dir which postNuke uses to confirm that it was chmodded 777.

I then did some googling, and I read that some guys from postNuke have found some exploits namely xmlrpc.php etc, etc...

So I became paranoid and jumped to the conclusion that the site was down because of some flaw. So since it was working before Monday, I asked support at sourceforge.net to rollback my site to then, and hopefully I can patch things up.
So I sent in an issue, and today I got this response:

(2005-08-15 10:53:57 - Project Web Service)
Inquiries regarding Internal Service Errors should be directed to the administrator for the project managing that project web site; some web-based applications (maintained by individual projects) will malfunction due to the read-only remount of the project group directories; data needs to be moved to the project MySQL database, or the /tmp/persistent directory
structure as per http://sourceforge.net/docman/display_doc.php?docid=4297&group_id=1#permissions


So that was all to it! They remounted the drives to be read only, which means my temp drive for postNuke had to be redirected to /tmp/persistent/...
So I changed the config.php settings, and voila, it worked.

yk

2 lewsers:

Jason Lim said...

Is this http://secunia.com/advisories/16429/ related to the problem as well?

Yoon Kit said...

looks like it.
Whatever it was, Ive disabled that file...