Hi, hope someone can help. my site was recently "hacked" and another website was put up and also viruses. i found out and let my webhost know, and now they have reset the whole account so its like new. I got a chance to ask the customer advisor as to how to protect it but i had to rush off in the middle of the conversation. He mentioned that i had to change the user permission *or something like that* so people couldn't change the script *again... it sounded something like that*. I was wondering if anyone could shed more light on this and if there are any good links teaching me how to do this Thanks for your time, steve
1 - Upgrade the scipts you are using 2 - If there are no updates available, you may need to find more secure replacements 3 - Secure your scripts and also secure your PHP installation with Suhosin 4 - Make sure all user input in scripts is made safe and never used without making it sure it is the kind of input expected 5 - Change permissions on files to will help prevent people from changing them. Basically, users should be able to read the script/pages but not write to them. 6 - Learn about network security and the *nix operating system and coding in the language used for your scripts -- or hire people who know these things 7 - Regularly visit the forums for scripts you use for news about security vulnerabilities and possible fixes until the script is updated. Patch those holes. 8 - Consider visiting hacking forums for news about early warnings about vulnerabilities in scripts you use.
I found this for you on Google Change file permissions with FTP Clancey had good advice You're mostly looking for people to 'read' and not 'write', but... If it's a forum or any interactive site, you need advice from the community which supports your script. ~~~~~~~~~~ Important note: Some scripts make it easy to modify the name of the 'admin' section... ...to very effectively hide it from newbie (and some other) hackers. This is a great security measure, if you're able to do it. Best wishes with your adventure