I'm fighting someone...
Asked Modified Viewed 2,851 times
asked
I had an older version of Fusion until this last weekend...6.0.2xx
my site stanardsvillevfd.org had been hacked several times, always the db had to be reloaded...
I upgraded to v6.01.15 on sunday and again I got hacked...
I'm thinking my config.php was exposed... I've cleared "All Users"
Can anyone give me some validation
my site stanardsvillevfd.org had been hacked several times, always the db had to be reloaded...
I upgraded to v6.01.15 on sunday and again I got hacked...
I'm thinking my config.php was exposed... I've cleared "All Users"
Can anyone give me some validation
Edited by jadeckard on 27-05-2008 17:49,
Basti
Basti 10
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]
http://basti2web.de - Support Site for my infusions
http://basti2web.de - Support Site for my infusions
- Veteran Member, joined since
- Contributed 1,099 posts on the community forums.
- Started 32 threads in the forums
Ok, I will write a little "I got hacked- What to do now?"
1. First change all your passwords! (FTP, Mysql, PHPFusion etc.).
And don't use easy passwords like "admin", "pass123" or "secret"
2. Check your webserver, if there are any new bad files or old files, which are changed by the hacker and where you don't know, where they come from.
And also download & reupload all the original files of PHPFusion!
And also check the data in your database! Often bade code is hidden in the code of the panels or "own sites" of PHPFusion...
3. Update to the latest version of PHPFusion (If not done in step 2)
4. Check if you have any modifications or infusions, which are not secure or not uptodate. Ask the author or ask in the official boards.
Most websites got hacked because of unsecure mods or infusions.
5. And be sure that no Third-Persons know your passwords or can get your passwords!
Be sure, that your own pc has no keylogger etc.
And really never use the same password on different sites etc.
(Use for PHPFusion a different password than your FTP-/Mysql-Password)... Don't save your password on your pc..
6. Only give people, who you trust, any administration rights of PHPFusion. (With administration rights (for example: admin rights of own pages or panel) they also can read out the password of your database!)
1. First change all your passwords! (FTP, Mysql, PHPFusion etc.).
And don't use easy passwords like "admin", "pass123" or "secret"
2. Check your webserver, if there are any new bad files or old files, which are changed by the hacker and where you don't know, where they come from.
And also download & reupload all the original files of PHPFusion!
And also check the data in your database! Often bade code is hidden in the code of the panels or "own sites" of PHPFusion...
3. Update to the latest version of PHPFusion (If not done in step 2)
4. Check if you have any modifications or infusions, which are not secure or not uptodate. Ask the author or ask in the official boards.
Most websites got hacked because of unsecure mods or infusions.
5. And be sure that no Third-Persons know your passwords or can get your passwords!
Be sure, that your own pc has no keylogger etc.
And really never use the same password on different sites etc.
(Use for PHPFusion a different password than your FTP-/Mysql-Password)... Don't save your password on your pc..
6. Only give people, who you trust, any administration rights of PHPFusion. (With administration rights (for example: admin rights of own pages or panel) they also can read out the password of your database!)
Edited by Basti on 27-05-2008 20:18,
answered
okay...I've done all of that...
could an old infusion be the root of my problem...
"calendar_panel"
could an old infusion be the root of my problem...
"calendar_panel"
answered
i've defused the calendar_panel since i'm seeing a lot of queries against it in my statistics
Xessive
Xessive 10
I am not always right, but I'm never wrong.
http://www.xessive.nl
http://www.xessive.nl
- Senior Member, joined since
- Contributed 327 posts on the community forums.
- Started 4 threads in the forums
Could be. There have been some security issues with this infusion in the past.
Download the latest version. I've downloaded it somewhere. Don't know where anymore.
And I'm not behind my own PC at the moment, otherwise I could be of more assistance to you..
Maybe someone could be of assistance here..?? :)
Download the latest version. I've downloaded it somewhere. Don't know where anymore.
And I'm not behind my own PC at the moment, otherwise I could be of more assistance to you..
Maybe someone could be of assistance here..?? :)
Edited by Xessive on 27-05-2008 18:15,
Basti
Basti 10
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]
http://basti2web.de - Support Site for my infusions
http://basti2web.de - Support Site for my infusions
- Veteran Member, joined since
- Contributed 1,099 posts on the community forums.
- Started 32 threads in the forums
Yes, that really could be the problem...
If you need a calender, then use the latest version of wibix calender.
DL:
http://basti2web.de/infusions/pro_dow...php?did=57
Edit
@jadeckard: Delete the calender! Not only defuse...
If you need a calender, then use the latest version of wibix calender.
DL:
http://basti2web.de/infusions/pro_dow...php?did=57
Edit
@jadeckard: Delete the calender! Not only defuse...
Edited by Basti on 27-05-2008 18:16,
Xessive
Xessive 10
I am not always right, but I'm never wrong.
http://www.xessive.nl
http://www.xessive.nl
- Senior Member, joined since
- Contributed 327 posts on the community forums.
- Started 4 threads in the forums
Quote
Xessive wrote:
And I'm not behind my own PC at the moment, otherwise I could be of more assistance to you..
Maybe someone could be of assistance here..?? :)
Slaughter, nice timing dude ;)
answered
thanks for your 'help'...
Basti
Basti 10
[PHP-Fusion Crew Member & Admin from June 2008 - December 2010]
http://basti2web.de - Support Site for my infusions
http://basti2web.de - Support Site for my infusions
- Veteran Member, joined since
- Contributed 1,099 posts on the community forums.
- Started 32 threads in the forums
Notice: I updated the post, I added point nr. 6.
Category Forum
Official Core Support - 6Labels
None yet
Statistics
- Views 0 views
- Posts 8 posts
- Votes 0 votes
- Topic users 3 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions