Someone hacked my site...

:x
I visited my website in the early morning(this morning), and I was shocked to see that it had been hacked! There was a lot of |337 and crap about how “brazil rocks!” replacing my regular “welcome” message… :<

I also discovered that the hacker had created a god account in my PHP-nuke system, and so I had to remove the fiend(and myself) from the database and create a new user account.

So…I guess the moral of the story is that your site can never be too secure…I kicked the security up a notch, and locked off important, vulnerable areas, and I installed a tracker, so I can find the IP address of people who try to hack into my website. :slight_smile:

Anyway, is there anything else I should do?

Hmm, Grimreaper was a hacker, you can ask him about some security things mehbe?

Dmn, i hate that people hack :x :-?

lemmy, try switching to CPG-nuke.

they are a PHP 6.5 offshoot who set about securing the code (and intergrating Coppermine gallery)

they reduced the php code by 30% or somthing.

and they reduced the server load by some huge amount too.

from my understanding they are pretty damn secure. you see they don’t allow just anyone to code for their CVS release, they have a few people that are the only ones who help. this ensures a pretty unifrom and consistant code base i guess.

most modules from PHP-nuke are available in CPG nuke.

but there are a few missing things so-far, or annoying things (minor things missing like avatar uploading not working)

cpgnuke.com i think is the addy.

i use it for blenderbattles site and i havn’t seemed to have any issues.

Alltaken

Man, I’m sorry to hear that, lemmy. At least it was your site and not your computer. I don’t see why people have to be so mean. Why hack on the side of evil if you can hack on the side of good? And what’s the point of writing evil viruses that lay waste for no good reason? It’s just plain nasty, that’s all.

where is your server. do you have acces to thd command line? if so. llok at permission. even php should not go out of the webspace.

My website is hosted on a remote server…

do you have acces to thd command line? if so. llok at permission.

I do have command-line access, but how would I look at permission?

even php should not go out of the webspace

Huh?

ya right.
how does it append. do you know how he did it? maybe he tried all the password he could try. do you log the login in a text file?
all these question to get better security.

about permission, forget it. it’s you admin’s job to make sure no one can execute malicious code.

ummm not really.

PHP is full security holes. people can gain access to your MySQL, and PHP files via the PHP-nuke security holes.

this doesn’t mean they have access to your webhost account. it just means they can mess up your website.

things like Cpanel, and other Administrator things are secure still.

Alltaken

sure.
I was taking about file permission.

I don’t know PHP-nuke. And i don’t think PHP is full of security hole. heck, elysiun would be hacked everyday if so!.