Announcement

Collapse
No announcement yet.

Hacked again!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hacked again!

    My site was hacked a few weeks ago, there was no logs of any kind. all that was done was the Database(235 megs) was completely erased.

    I upgraded to v. 2.3.0 hoping that will end it, I changed all passwords ec. ect. , a few weeks went bye. and bamm it happened again. this site my site was being forwarded to another site for a few minutes then the databse was erased again. i sat back after restoring and waited and watched it ahppen again right in front of my eyes. no logs of any kind apache, server nothing.

    I always delete the admin.php and index.php from the admin directories and only upload them when needed. Please help me, how are they getting in??

  • #2
    Sounds like they're probably going straight to the MySQL Database.
    A few things you might want to consider:
    a) If you're on a shared hosting package, someone else on the server might be able to retrieve your config.php and access your DB.
    b) See if your host can protect MySQL from being remotely accessed, will probably be a bit useless if it's on the same machine as Apache, and the hacker has a shell session open on the server and connecting to it via that.
    FFAddicts: [site|forums]

    Comment


    • #3
      Originally posted by ffaBen
      Sounds like they're probably going straight to the MySQL Database.
      A few things you might want to consider:
      a) If you're on a shared hosting package, someone else on the server might be able to retrieve your config.php and access your DB.
      b) See if your host can protect MySQL from being remotely accessed, will probably be a bit useless if it's on the same machine as Apache, and the hacker has a shell session open on the server and connecting to it via that.

      hi, thanx for the super quick reply, its on a dedicated server.

      not sure if that helps.

      Comment


      • #4
        - Change all root/admin/server passwords as well as MySQL root/account passwords
        - Turn php safemode ON
        - Check your web server (sites) to see if there's any strainge files and investigate it
        - Check http access log
        - temporary turn off/remove phpMyAdmin, set .htaccess to all important folders.

        that's what I can think of for right now.

        Good luck


        my site was being forwarded to another site for a few minutes
        Check your index.php files to see if it was changed.
        Did you do a ping to your site, to see if it goes to the correct IP?
        (otherwise, it would be DNS problem too)

        It sounds like he got access to your ftp, or be able to view/change your files.
        Last edited by mtha; Wed 6 Aug '03, 1:28pm.

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X