My site was hacked...

[projectgz]

Hey I dont know if this is caused by TP but i do require some advice... Recently a hacker named "harrachi" or someone hacked my site and he claims to be an arab and i rather see him as a lunatic and a child. This is all happened after I installed TP and Chmod alot of files to 777. Is this caused by a SMF error or the server itself or is it my fault for leaving the files  to 777?

[Dragooon]

Mostly its a server's fault but what is your SMF/TP Versions?

[projectgz]

the latest one mate. 0.9.8. Oh also, could this cause by the shoutbox? I know there were some security issues

[Zetan]

Do you have the SMF Shop (whatever it's called) mod installed?

[projectgz]

yes I did. And I had to do a cornjob for the bank interest as well. mayb thats why?

[Dragooon]

Did you applied the Security fix for it which was given out not more than a week ago?
Also if you used the Changing name/username/usertitle items?
If so that might the reason.

[projectgz]

i didnt install the security update and i didnt use those items.

[Zetan]

This is a known recent exploit at SMF and does now have a fix. I suggest heading over to SMF and update the package.

[projectgz]

This is a known recent exploit at SMF and does now have a fix. I suggest heading over to SMF and update the package.

But mate I no longer have SMF Shop installed. So im safe all together rite? just wondering, does this version of TP have a chat feature? And most of all, I have the SMF Shout installed... Will that be in the index page still or itll get erased?

[Zetan]

TP as you should know has a Shoutbox, not a chat feature as such. If you had the Shoutbox open to guests then you may have been hacked through it.

I mentioned the Shop package as there has been recently several sites hacked, rather crudely through it.. it was quickly patched and the site responsible was a site using SMF and they seemed pleased with themselves.

As for other TP exploits, I don't personally know of any.. You should check with your host if you haven't already as there may be other sites they host that have been hacked on the same server.
If you've not posted at SMF yet, again, I suggest you do.

At this time, thats all the advice I have personally, I'm sure other members will speak up if they have anything to add. I hope you get it sorted.

[IchBin]

Remember, just because you're site was hacked doesn't mean it was even your site that the hacker gained access. If you're on a shared hosting account, the hacker could gain access through another account where someone could have been running some software that had security holes in it. If you're files are 777 then that would give them access to write to those files if they gained access to the machine through another site. Which is why its a good idea to not keep everything at 777. You need to push your host to secure the server, as they will just blame you're software. But I would just give them the middle finger if they blame TP or SMF. We haven't had any problems like this with TP for quite some time.

[projectgz]

Thanks for your reply guys. and no mate, my hosting company actually support SMF  because they offer it through their control panel as a free software. So i doubt that they would blame smf for the miss happening. I had the TP shout box open for the guest for a while and I also had the smf shop installed and I never bothered updating it because I always downloaded the newest releases. Maybe its the shout box that caused it as there were some notice about it.

[IchBin]

It would only be the shoutbox if you don't have TP 0.9.8.

[seavashr]

run your apache in cgi instead of module
and also install suexec
suexec will use user name instead of nobody to run scripts

You can not use suexec in plesk!

Never leave any file or directory with 777 permission

at the end got hack is not just from one bug or hole you have to check the logs,last ip access and ... to find out how hacker get access to your site
he got the root access or just simple get through your account

if you have sheared account you should  contact your admin for help
if you have your own server join hosting forums for security talks

always keep your scripts and modes   up to date
do not install unnecessary module plugin services and anything which you dont need

regard

[G6Cad]

Quite old topic you posted in now.
I will lock this