TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

April 16, 2024, 07:07:44 PM

Login with username, password and session length

Stats

Members
  • Total Members: 3,885
  • Latest: Growner
Stats
  • Total Posts: 195,161
  • Total Topics: 21,219
  • Online today: 106
  • Online ever: 3,540 (September 03, 2022, 01:38:54 AM)
Users Online
  • Users: 0
  • Guests: 66
  • Total: 66

My site was hacked...

Started by projectgz, December 05, 2007, 07:42:34 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 All
User actions

IchBin

#10
December 05, 2007, 11:57:06 PM
Remember, just because you're site was hacked doesn't mean it was even your site that the hacker gained access. If you're on a shared hosting account, the hacker could gain access through another account where someone could have been running some software that had security holes in it. If you're files are 777 then that would give them access to write to those files if they gained access to the machine through another site. Which is why its a good idea to not keep everything at 777. You need to push your host to secure the server, as they will just blame you're software. But I would just give them the middle finger if they blame TP or SMF. We haven't had any problems like this with TP for quite some time.

projectgz

#11
December 07, 2007, 10:22:20 PM
Thanks for your reply guys. and no mate, my hosting company actually support SMF  because they offer it through their control panel as a free software. So i doubt that they would blame smf for the miss happening. I had the TP shout box open for the guest for a while and I also had the smf shop installed and I never bothered updating it because I always downloaded the newest releases. Maybe its the shout box that caused it as there were some notice about it.

IchBin

#12
December 07, 2007, 11:22:24 PM
It would only be the shoutbox if you don't have TP 0.9.8.

seavashr

#13
January 31, 2008, 07:14:25 PM
run your apache in cgi instead of module
and also install suexec
suexec will use user name instead of nobody to run scripts

You can not use suexec in plesk!

Never leave any file or directory with 777 permission

at the end got hack is not just from one bug or hole you have to check the logs,last ip access and ... to find out how hacker get access to your site
he got the root access or just simple get through your account

if you have sheared account you should  contact your admin for help
if you have your own server join hosting forums for security talks

always keep your scripts and modes   up to date
do not install unnecessary module plugin services and anything which you dont need

regard

G6Cad

#14
January 31, 2008, 07:37:03 PM
Quite old topic you posted in now.
I will lock this
Print
Go Up Pages 1 2 All
User actions