we have an article dashboard article directory and it is often hacked. we always end up deleting or overwriting the compromised files. we set the permission to 755 to all files, yet we are still hacked. what's the best way to secure article dashboard?
What exactly the hack means? Are they injecting any contents in your files OR completely overwrite your files? Are you the owner of the server your website is hosted on? If no, it's more likely the server is hacked and hacking websites hosted on it all the time. Have your hosting provider to check the server in such a case. If you own the server, have a server management company to look into it OR hire an admin.
Could be a number of reasons. A fault in the software running on the website that allows remote code execution. It may be another site on the server that is hacked and can write to your account. Hackers may have left a backdoor script that allows them to edit your site as they wish. They may have your ftp password, they may have the admin passwords. Until you can work out how they are getting in then your really just guessing at a solution. Article Dashboard, but its encoded with ioncube, so you cant do anything about that, maybe try updating to the latest version and protecting the admin directory with an .htaccess file.
Thank you madaboutlinux and phpsiteminder. The site is sitting on a shared hosting. The last hacking incident involved the header file of the site being replaced with a meta refresh so that all traffic to my site was redirected to the hacker's url. Should I contact my host? What should I ask my host to do for my shared account?
Article DB is a wonderful script but no updates regarding its upgrades or security fixes. Better setup .htaccess with authorized password
http://www.addedbytes.com/articles/password-protect-a-directory-with-htaccess/ Checkout the link, There is an entire tut on how to do that.
I'm got answer to my question. If you are not using simple default passwords, i'm can say that this is a shared hosting problem. Change permissions to 644. I'm do not see any other solution to fix it. .htaccess can protect your directories from outside, but not from inside.
My host advised me to password protect certain directories using cpanel. Let's see how secure this is in the coming days.