Movable Type 4.0 site Hacked

Ever had your website taken over? It's no fun. The other day I logged on to find that my site was partially infested with files that I hadn't put there. In certain directories there was an .htaccess file, and another with random numbers then .php - for example something like 180185.php. Had I put them there? Were they files belonging to my Blog software, Movable Type? I opened up the .htaccess in Notepad, and discovered that it took control of all 404 errors (File does not exist) and directed all requests to the numbered .php file, which then opened up a page listing all kinds of mobile phone hacks etc. A LOT of bandwidth was being used, besides filling the Google cache with all kinds of illegal rubbish purporting to come from me.

How had this got there? After a lot of searching, and a lot of red herrings, I finally tracked down the cause to my Blogging software, Movable Type. It turned out that when installed, its settings are such that all new entries to the Blog, plus all their indexes and archives, are stored in folders with permissions set to 777. All new files have their permissions set to 666. Is that a problem? Yes, because it allows ANYONE to write to those folders, as happened to me. This page: 'Securing your weblog - CGIWrap and SuEXEC' explains the problem in greater detail as well as describing the fix.

Basically, there are two things you need to do. First, you open your 'mt-check.cgi' page in a browser - you will find it in your 'mt' directory. If (and ONLY if) it tells you "(Probably) Running under cgiwrap or suexec" then you can add an extra layer of Security to your site, by adding some lines of text to your 'mt-config.cgi' file. All you do is to open the file with Notepad or similar (NOT a word processor) and add the following lines at the bottom:

#
#=ADDED TO SET CORRECT PERMISSIONS FOR FILES AND FOLDERS=
#
DBUmask 0022
DirUmask 0022
HTMLUmask 0022
UploadUmask 0022


Save the file, and try a new entry to your Blog. You will find that the new entry has its permissions set to 644, and the folder it is in has its permissions set to 755. SUCCESS !! Now all you have to do is to go through your site and set the permissions for all those older Movable Type entry-files and folders to the above value as well!

CAVEAT: The above worked fine for me. I make no guarantees it will work for you, so would suggest you alter things and test things one step at a time, and make sure you know how to recover if you have made a mistake.
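
The cleanup step described above (resetting the older entry files and folders) can be scripted if you have shell access to the host. This is an added example, not part of the original post or of Movable Type: the function names are hypothetical, and it assumes you pass it the directory your blog publishes into. It also lists files named with digits followed by .php that sit beside an .htaccess, the pattern described at the top of this post, so they can be reviewed by hand.

```shell
#!/bin/sh
# Added example: audit and repair a Movable Type publish directory.
# Usage: sh fix-mt-perms.sh /path/to/published/blog   (path is your own)

# List directories still at 777 and files still at 666, the defaults
# described in this post.
list_loose_perms() {
    find "$1" \( -type d -perm 0777 \) -o \( -type f -perm 0666 \)
}

# List files named <digits>.php that sit next to an .htaccess file.
# This only reports them; inspect each hit before deleting anything.
list_suspect_drops() {
    find "$1" -type f -name '[0-9]*.php' | grep -E '/[0-9]+\.php$' |
    while IFS= read -r f; do
        if [ -f "$(dirname "$f")/.htaccess" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Reset exactly-777 directories to 755 and exactly-666 files to 644.
# Anything with another mode (for example a 755 CGI script) is untouched.
fix_loose_perms() {
    find "$1" -type d -perm 0777 -exec chmod 755 {} +
    find "$1" -type f -perm 0666 -exec chmod 644 {} +
}

# Run the audit and the fix only when given a directory argument.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    echo "== Numbered .php files beside an .htaccess =="
    list_suspect_drops "$1"
    echo "== Paths still at 777/666 =="
    list_loose_perms "$1"
    fix_loose_perms "$1"
    echo "== Remaining after fix (should be empty) =="
    list_loose_perms "$1"
fi
```

Matching the modes exactly, rather than every world-writable path, keeps the script from stripping the execute bit from anything that was not created with the 777/666 defaults.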

About this Entry

This page contains a single entry by Tim Makins published on February 18, 2008 5:24 PM.

Powered by Movable Type 4.01