Possible Major Flaw

[Tom]

Earlier on today our web hosting was totally wiped of files after someone got access to the password of the other user on the FTP.

After restoring a backup and changing every password, the phpvms profile of that person keeps being accessed and edited, even after password being changed every time, and being changed to something absolutely nobody knows.

[Nabeel]

What do you mean keeps being accessed and edited?

[Tom]

Yes, the email has been changed to stupid things "hacked@hotmail" and so on, and a false PIREP was files for 100000 hours. Clearly they didn't have enough knowledge to accept the PIREP though.

[Tom]

Is the VMS secure against SQL injection? It's just happened again.

Thing is, I'm logging IP's and the files they access, and it's clearly coming from his IP but I'm speaking to him and he's busy programming.

[G-NEWC]

Join the club with this "hacking" business, Tom. Someone has gained access to ours and keeps adding trojans to my javascript files, hence the recent downtime on the site.

Oh well, i suppose frequent backups are the answer.

[Tom]

Yes, thankfully I took a backup just before Christmas and they didn't think to remove our database. Back online in minutes.

[Nabeel]

Could it be through some other software? James, I think yours was either through phpBB or Wordpress.

phpVMS to my knowledge is, I do filter everything, but there could be holes somewhere. Let me see if I'm missing anything in the pilot update section. Are you on the latest version? I did add some fixes for things in there as I find them

[Tom]

Not sure what version we're on. Is it worth me upgrading to latest beta now or waiting for next stable?

And the only other thing we have is phpbb, but is separate and remained untouched through these events.

We at first suspected someone who knew his password, but after everything was changed and the editing continued it was clearly not.

[RogerB]

Do the two of you have anything in common? Like any software you may of tested?

[Nabeel]

Not sure what version we're on. Is it worth me upgrading to latest beta now or waiting for next stable?

And the only other thing we have is phpbb, but is separate and remained untouched through these events.

We at first suspected someone who knew his password, but after everything was changed and the editing continued it was clearly not.

I'm releasing 2.0 tonight so wait if you can

[TAV1702]

it is important to remember that anything php is hackable. For every fix found, a new hack is figured out. Script kiddies suck ass plain and simple.

The only sure way I have found through years in the forum business is using index files in EVERY folder as well as .hta files in every folder as well. Now if someone has ftp access there is nothing you are going to do about it besides create a new user and password and ditch the old ftp user excluding the main account that is.

I have some good .hta examples if anyone is interested. I used .hta for my Integramod install and there was a wave of hacked sites for 3 months and mine was un harmed. Once I shared my method, most hacking stopped.

I am waiting to hear about the new release tonight. After that, I will be free to share info on how to use my methods.