Hi, I've just posted my experience re the hacks and a data fix - mainly manual fixes via phpadmin unless you have an up-to-date backup - over at indexscript.
This sucks. I was hacked a month ago and I posted that on index script forums and they reassured me that they didn't hack my directory through the script, but I am now sure they did. I am not hacked this time, but I reckon it is only a matter of whether they hack it later today or tomorrow. I just did a backup and now I am looking for places where they list free scripts security issues; maybe there is a fix for these issues. It seems that the developers lost interest in developing this script further.
I try not to overreact, but this has really made me lose confidence in the script. I've read on a thread over at their forum that someone is suggesting it's only a few of us. That's a joke; last night when I checked there were loads that had been hacked. I don't think there has been any rush to tighten any security holes. Today, disappointed, frustrated, wanting to stop using that script and move the 3 directories over to a different script. I'm not sure if that's possible though.
Sad, did you mention to them that http://www.indexscript.com/ is also currently hacked? Maybe they should fix that also; it doesn't look good for the script at this point.
Hi paidhosting. Yeah, I've posted over there and others are too, and it's rather worrying that their own site is still in a hacked state. It doesn't look like there's going to be any hurry, if any, to solve things. I know my whole day will be taken up with trying to sort this mess now. I would appreciate it if they posted and said they're busy working on a solution, but I don't see that yet. My sympathy to anyone affected, anyone who hasn't even realised theirs is hacked now, and anyone who has ever been hacked.
Only one of my directories is hacked right now; hopefully it will stay that way. Hakon, the owner of indexscript, seems to be away or something as he isn't replying on his forum. The a**whipe that hacks all the indexscript directories is such an idiot. Why hack something that someone is giving for free? That's beyond my understanding. If anyone finds any security loops and can fix it, I am happy to pay some small amounts of $ thru paypal.
I thought so. Indexscript is so nice. daboss is so nice. Why would anyone do this? Anyway, backup backup backup :|
Get that quote off of here. You are pouring gasoline on the fire. Yes. That is what they are doing. Then they take the encrypted password to a cracker site and it decodes it. Then they login and have fun. Change the password and you cannot get in. I hacked one of my own sites that they have not found yet to prove that it works. I have reported this to Hakon over at the indexscript site.
yes... they are using injection... anyway, i think i have found the hole and have posted the fix over at the indexscript forum... sorry about my bad programming... check out... http://www.indexscript.com/forum/showthread.php?p=5216&posted=1#post5216
Rename the login.php file to something else or remove it. They can still get your current password but they can do nothing with it. I have recovered control of my site and will post the how in a bit.
After what has happened I'm migrating my databases on my 3 affected sites to phplynx script. Had a chat over there this morning and it's already possible by this afternoon as an option for anyone running Indexscript. Light at the end of a dark tunnel, you could say.
Not a problem, the situation was resolved within 24 hours and a fix available. I don't think you can ask for more than that from anyone else, so... Good work Daboss. Excellent work on the fix thx malcolm
hi pipes... good that you've made your decision. i wish you all the best... anyway, for those who are interested, the fix is at: http://www.indexscript.com/forum/showthread.php?t=2260&page=5
thanks... don't forget that i'm a one-man show and am making peanuts (literally peanuts) from the script... it's a hobby...