Jump to content

2nd Attack


RogerB

Recommended Posts

Kesuk was attacked again yesterday evening by the same code. I talked to a gentleman yesterday and he thinks the registration and contact forms could possibly have vulnerabilities, what do you guys think. Would anyone be interested in helping me check my site? I really could use it.

Link to comment
Share on other sites

Kesuk was attacked again yesterday evening by the same code. I talked to a gentleman yesterday and he thinks the registration and contact forms could possibly have vulnerabilities, what do you guys think. Would anyone be interested in helping me check my site? I really could use it.

Damn, dont thse people have better things to do in their lifes?

Link to comment
Share on other sites

  • Moderators

I found the problem directory, it was called attachments, this directory had code that was removing protection on my php files.

Ok, Roger, you know everyone can access your indexing because I checked your indexing is still enabled., so use that .htaccess file that i gave you and That will black out the indexings and it might stop the problems.

Link to comment
Share on other sites

That was a specific attack on E107 world wide actually, they found a hole in the contact form.

I did want to say:

Despite all our differences and personality clashes, we as the PHPvms community stuck together and helped one another out, I think that is great and important to remember. Thanks guys. ;)

Link to comment
Share on other sites

  • Moderators

That was a specific attack on E107 world wide actually, they found a hole in the contact form.

I did want to say:

Despite all our differences and personality clashes, we as the PHPvms community stuck together and helped one another out, I think that is great and important to remember. Thanks guys. ;)

Ahh Ok, I'm cleared up now.

We are all a team here at phpVMS! We help out each other! :)

Link to comment
Share on other sites

  • Administrators

So it was an e107 vulnerability?

I have to review some of that registration code, though I have before, but I'm always a little paranoid.

The best solution is to use prepared statements, however, not everyone is using mysqli. I'll have to see if there is some other way around it, but I think it would be difficult this stage in the game.

Link to comment
Share on other sites

FsPaint shop was hacked a few months ago, I used E107 then, they got in threw the contact form.

I just switched forums, deleted the database and directory for the old.

Kesuk, I have no idea but it was hacked twice.. My host told if the contact and registration pages aren't done correctly it can be a problem.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...