Possible Major Flaw


Tom

Earlier on today our web hosting was totally wiped of files after someone got access to the password of the other user on the FTP.

After restoring a backup and changing every password, the phpVMS profile of that person keeps being accessed and edited, even after the password being changed every time, and being changed to something absolutely nobody knows.

Link to comment
Share on other sites

  • Administrators

Could it be through some other software? James, I think yours was either through phpBB or Wordpress.

phpVMS to my knowledge is, I do filter everything, but there could be holes somewhere. Let me see if I'm missing anything in the pilot update section. Are you on the latest version? I did add some fixes for things in there as I find them.

Link to comment
Share on other sites

Not sure what version we're on. Is it worth me upgrading to latest beta now or waiting for next stable?

And the only other thing we have is phpbb, but is separate and remained untouched through these events.

We at first suspected someone who knew his password, but after everything was changed and the editing continued it was clearly not.

Link to comment
Share on other sites

  • Administrators

> Not sure what version we're on. Is it worth me upgrading to latest beta now or waiting for next stable?
>
> And the only other thing we have is phpbb, but is separate and remained untouched through these events.
>
> We at first suspected someone who knew his password, but after everything was changed and the editing continued it was clearly not.

I'm releasing 2.0 tonight so wait if you can

Link to comment
Share on other sites

It is important to remember that anything php is hackable. For every fix found, a new hack is figured out. Script kiddies suck ass plain and simple.

The only sure way I have found through years in the forum business is using index files in EVERY folder as well as .hta files in every folder as well. Now if someone has ftp access there is nothing you are going to do about it besides create a new user and password and ditch the old ftp user excluding the main account that is.

I have some good .hta examples if anyone is interested. I used .hta for my Integramod install and there was a wave of hacked sites for 3 months and mine was unharmed. Once I shared my method, most hacking stopped.

I am waiting to hear about the new release tonight. After that, I will be free to share info on how to use my methods.
