Any suggestions? Why was my 4 day old site hacked? I'm a little perplexed as I bought the domain last week (and I looked in the way back machine to see if it was an old site and it wasn't). The domain: celebritypicturesandnews.com Thanks Dangit, now they're all down. Sleepyblogger.com JamesTippins.com Problogwriters.com and about 15 others. Ugh. I'm off to cry and curse, I guess.
Yeah, I changed my password. It's an odd letter/number combo, but the best password won't protect you from user error (my negligence at install). My problem was at problogwriters.com (smf/joomla) and registerglobals was ON and it should have been off. Apparently while that's not a wide open door, it's a crack that good hackers (?) can easily exploit. I am wondering how they even found my site though? It's only been up a few weeks and doesn't even quite have a hundred uniques a day yet. Seems like an awfully small fish to attack? Anyway, it's up now and I'm in the middle of beefing up the security even more (registerglobals is fixed now). Any ideas on why i might have been targeted?
celebritypicturesandnews.com wasn't coming up in Google, but I did not check Yahoo or MSN... Did you post the url or get a link from somewhere not too long before this happened? Any advertising?
Why are sites being hacked more in these days. Is there some internet underworld who is doing all that. I heared about DNF and few others too and now this one. It sucks and sucks big time if you have huge site like DNF
Register_globals is a big security issue i turned it on my server and got hacked...better is to enable it on site only through .httacess file! IF you have backups then restore them or email your host.. Edit:Always, use secure password like 39#moun$50 Saad
Maybe you had a vulnerable component installed. Tha is the main cause of a Joomla CMS being hacked lately. Also make sure that you have all dir persmission set to 755. Change them only when you want to install something and then apply 755 again. Most people leave the dir permissions to 777 as it is required for install purposes and that's a big mistake.
Theres alot of script kiddies these days, probably had nothing better to do and thats what happens these days!
But actually my site got hacked few days ago but the hackers were nOOb it was vbulletin exploit that was redirecting my forums to thier site they have posted something in my forums with that code...I am now using vb latest version..I think you should apply all security patches etc to be on safe side. Saad
All is well now. I am hoping it is more secure with the register globals turned to off. Luckily my host is a good one and does nightly backups, so worst case scenario would be I'd lose a day's worth of forum and blog posts. No biggie. My main question is, why did I even get the attention? My sites are all pretty small (the biggest one I have is sleepyblogger and it's really only getting about 500-ish uniques a day). Most of the others are relatively small 50-200 uniques per day). It appears they hacked the problogwriter's forum and it's about 50-100 uniques per day. Seems kinda bizarre to attract attn with so little traffic...
hmm i am wondering about this myself nowadays as i keep hearing about sites/forums and the such being hacked.Do ppl have nothing better to do?
It's really frustrating, because I lost adsense for an entire 3 hour block of time and lost about 4 hours of time I could have spent writing or doing something constructive. Plus, now I'm skittish...
that exactly is the reason and key newbies have no idea and no secure sites hackers are NOT interested in your content but to SETUP either a phishing site or a spam mail delivery using your mail services on new sites newbies have zero or little real knowledge and hence new sites are easy to enter and use btw i had hackers knocking at my door after 1-2 days of use of new server before even site was up and NS was poiting to new server hackers may search JUST fo rbrand new sites partially configured and left open overnight ... losig 3 hrs thats HUGE loss and you very obviously have NOT at all understood the real work of learning to run a securely configured site after my hackers visit early this year I spent a full 2+ weeks in learning and securing my security issues 2 weeks vs 3 hrs ... i guess you have some 13+ days ahead of you .. good luck
I do understand how to set up a secure site, I was lazy and I've learned my lesson. I have a great host and because of our backups I lost NO data. What is the point of your post? For your information, there was no phishing site set up. And, I didn't need 2 weeks to understand that I hadn't turned reg globals to off. Duh. You should take 13 days to learn some manners.