I had an older version of Fusion until this last weekend...6.0.2xx my site stanardsvillevfd.org had been hacked several times, always the db had to be reloaded... I upgraded to v6.01.15 on sunday and again I got hacked... I'm thinking my config.php was exposed... I've cleared "All Users" Can anyone give me some validation
Ok, I will write a little "I got hacked- What to do now?"
1. First change all your passwords! (FTP, Mysql, PHPFusion etc.). And don't use easy passwords like "admin", "pass123" or "secret"
2. Check your webserver, if there are any new bad files or old files, which are changed by the hacker and where you don't know, where they come from.
And also download & reupload all the original files of PHPFusion! And also check the data in your database! Often bade code is hidden in the code of the panels or "own sites" of PHPFusion...
3. Update to the latest version of PHPFusion (If not done in step 2)
4. Check if you have any modifications or infusions, which are not secure or not uptodate. Ask the author or ask in the official boards. Most websites got hacked because of unsecure mods or infusions.
5. And be sure that no Third-Persons know your passwords or can get your passwords! Be sure, that your own pc has no keylogger etc. And really never use the same password on different sites etc. (Use for PHPFusion a different password than your FTP-/Mysql-Password)... Don't save your password on your pc..
6. Only give people, who you trust, any administration rights of PHPFusion. (With administration rights (for example: admin rights of own pages or panel) they also can read out the password of your database!)
Could be. There have been some security issues with this infusion in the past. Download the latest version. I've downloaded it somewhere. Don't know where anymore. And I'm not behind my own PC at the moment, otherwise I could be of more assistance to you..