My new phpLd 3.2 just got hacked, but it din't do much just inserted a "hacked by - --- ---- --- ---" I wont name this clown as that's exactly what they want me to do, they want fame and such and not going to get it. V7N got hack too and im sure it was the same as this clowns.....Please don't put name of this clowns, hackers love fame and they have their own network where they brag about their accomplishment. Mentioning their names further. Might want to check your Directory Admin section in the Site. I hope the mod doesn't give me a Red rep for this. I'm posting this here to make aware of directory owners to secure there directories better.
Oh sad to hear complains from 3.2 users... 3.1.0 had nothing like this. Ya i heard v7n being hacked couple of days back by some group of hackers..
This is the third directory I have seen hacked in past 6 months, havent seen anything else, v7n did get hacked, but I am sure scott will go all the way to court with this.
luckily i do not run version 3.2 and now i am afraid to upgrade , seeing so many security breaches taking place.
Very interesting...I wondered how they got hacked. Is it a security hole in the phpLD script? What if they got into the network via another web application being ran on their web server?
Yikes, hey wwws was it one of the sites you host with me or some other site hosted somewhere else ? If so i would get my admin to do again a secuirty audit. Regards
Currently I cannot change the Site name within the Admin/Site. When I input the name, it say's it has save, but it's still blank. So if you were to go to the index of my directory it will say"SITE_NAME" I am making a Back Up right now and will reinstall maybe 3.1 into it.
I usually edit via phpmyadmin as i am more used it, doing coding on my home pc is better and you cannot enter site url as localhost(anyone can try doing it by putting site url as localhost, via admin panel will not work for some odd reason), hence need phpmyadmin all the time . Go to your phpmyadmin > go to config you will see lots of fields there just edit the ones you want. Cheers
Very bad Jesse-- The other day I thought of upgrading to 3. --but due to lack of A good template of my choice I decide to hold on till I get a custom one. Now I'll give a long thought.
I forgot that one, thanks! But I might aswell do this now as I haven't made a back up in over 5 days.
eSyndiCat v 1.2 is apparently quite hackable. Scumbags took me out for a while. Anyone running this version should upgrade immediately - but be prepared for a long and painful upgrade if you have any mods installed.
I don't think any scripts are safe, if they want to hack your website i'm sure they will find a way. Usually the more popular a script, the more hacked it gets. Take phpBB for example, no matter how often it updates you still hear someone getting hacked. I guess the best sullution at this point is to back up, in which I did.
Backups, backups, backups! No site is safe ever! popular, unpopular, alpha, beta, mature, etc. . . it makes no difference. We are all at risk of being cracked (hacking is non-malicious BTW) In my humble opinion, open source software tends to be more stable than does commercial software for many reasons. Most importantly, having 100's of eyes looking over the script and suggesting changes is a tremendous plus. The naysayers will note "it's easy to crack if you get to look at the code". Why don't you tell that to windows users re-installing their os because of a virus. Then ask a linux user the last time that happened to them. Nothing is bullet proof. Do you ever wonder why 90% of servers run Linux over Windows???
So true there. With having a back up it takes less than 1 hour to bring everything back. With no back ups, it's an endless apology to those that you have to say sorry for, because you dint make a back up.
Yes its important to have backup but how do they hack those sites? Because I am looking at bigoole.com as it is a custom made script by me? Any suggestions for prevention of hacking!
Great question, there are tons of ways from dropping a key logger on your cpu, to google hacking & packet sniffing. I personally got my reseller account cracked a few years ago because I passed my login id/pw through a non-secure help desk on E3 servers (bottom feeders) as it was mandated by the techies before they would help me un-break what they broke. Within hours every site under my account was breached. These bastards assured me that it was ok even though I pointed out the http (not https) in the url. I knew better than to listen to the "pros" there, and should have trusted my own judgment. Anyways, cracks can be embarrassing. I would suggest using very difficult passwords (and change them monthly) and running anti - virus / spyware on your personal PC regularly. Always look for a secure connection for login && any time you enter your credit card number. The bottom line is that there is always somebody smarter than you or I.
I came to a conclussion that maybe my webhost or being hosted on that host is the problem here. I have a reseller account, and I found out last week that my blog (non directory) was hack. I din't make a big deal because I lost most of the contents already on the blog when I over wrote the databse.sql Thinking that I saved it...anyways, that was the first to be hack, then the directory I notice today, and just recently I went to my picture gallery and that too was hack, all are on the same reseller account and they din't do much just that it posted it's trademark. I will be contacting that host of mine . So, I guess I have a lot of work to do.
I have not received any reports of a v3.2.0 being hacked as a result of the script's coding. If you have any information, please PM me. I am pretty confident we are safe.
Well, I cannot edit my first post. But I will say this now that I know more about it... This past week 3 of my sites were hacked all hosted at my reseller account. 1.A blog 2.A directory 3.A photo gallery All 3 are of different scripts and are all on a seperate domains being hosted on a reseller account. Regardless, I will make a back up each time some changes happens to my sites. The hacker din't do much just place it's signature inside the admin...Hacked by------ and by----- --- - Please don't post the name of this clowns here or anywhere, you'll just incourage them to do more. At this point, I believe that maybe my webhost has something to do with it or just being hosted with them.... I don't like to come to pointing finger as it could also be my computer having a virus, but having alot of websites and being hosted in many places, to have 3 sites hacked in one hosting account makes me wonder. I will email my host an hope to get an answere...I doubt it.