Five minutes ago I received an email saying that I “was owned”… I immediately said to myself that this was impossible… someone doing me the honor of hacking my webpage? It made me feel so special… I wouldn’t worry for a second about my material for three reasons:
- It’s completely useless to everyone
- I have backups
- It’s completely useless to everyone
So immediately I typed krizhere.com in Opera and I was shocked… everything was fine! Oh what a disappointment! But then I realized that the email had been sent from my webgallery so that was probably the one that was hacked… and it was for real:
Warning: main(includes/mg2_functions.php): failed to open stream: No such file or directory in /home/kriz/public_html/photoz/index.php on line 54
Warning: main(includes/mg2_functions.php): failed to open stream: No such file or directory in /home/kriz/public_html/photoz/index.php on line 54
Warning: main(): Failed opening 'includes/mg2_functions.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/kriz/public_html/photoz/index.php on line 54
Fatal error: Cannot instantiate non-existent class: mg2db in /home/kriz/public_html/photoz/index.php on line 56
I felt so proud!!! But I had to try to fix things… I was in the middle of writing a problem for my quantum final but I gave myself a couple of minutes just to see if I had lost everything or I’d have just to reinstall MiniGal. Obviously index.php was there but it seemed that I was missing a file named mg2_functions.php. I went to restore the file in the includes directory and then it hit me… I WAS SO STUPID!!! leaving write access to such a directory is like shooting yourself in the foot… which I had just done quite successfully!
I just replaced the file (and changed permissions of course) and all was okay 🙂
Oh well… and I thought it would be a real hacker… maybe next time… until then if you find another directory like that please let me know 🙂
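A check for other directories like that one, as an added example that is not part of the original post. It assumes "write access" meant the world-writable bit (o+w) and that the web root is passed as the first argument; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable directories and the
# PHP files exposed by them. Assumes "write access" means the o+w mode bit.

# Every directory under $1 that any local user can write to.
writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# PHP files that can be altered or removed by a non-owner: either the file is
# o+w itself, or its parent directory is o+w without the sticky bit. Write
# permission on a directory is enough to delete or swap a 0644 file inside it.
replaceable_php() {
    {
        find "$1" -type f -name '*.php' -perm -0002 -print
        find "$1" -type d -perm -0002 ! -perm -1000 -print |
        while IFS= read -r d; do
            find "$d" -maxdepth 1 -type f -name '*.php' -print
        done
    } | sort -u
}

# Remove the world-writable bit from directories and PHP files.
harden_webroot() {
    find "$1" -type d -perm -0002 -exec chmod o-w {} +
    find "$1" -type f -name '*.php' -perm -0002 -exec chmod o-w {} +
}

# Print a report; return 0 when clean, 1 when something was found.
audit_webroot() {
    dirs=$(writable_dirs "$1")
    files=$(replaceable_php "$1")
    if [ -z "$dirs" ] && [ -z "$files" ]; then
        echo "OK: nothing world-writable under $1"
        return 0
    fi
    echo "World-writable directories:"
    echo "$dirs"
    echo "PHP files a non-owner can delete or replace:"
    echo "$files"
    return 1
}

# Usage: sh audit.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run it against the web root after any install or upgrade; `harden_webroot` only clears the o+w bit and leaves owner and group permissions alone.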
*** EDIT: Apparently there is an exploit in MiniGal that I was unaware of: MiniGal MG2 Image Gallery Name Field HTML Injection Vulnerability. Because of that I’m currently disabling the comments system and I’ll start searching for a different web gallery. Unfortunately most of them need PHP’s safe mode set to on, something that my current host doesn’t provide (for free)…