TP Hacked -- v0.86 with Shoutbox Patch -- still hacked

[Maya]

 :(This is a recurring event it would seem to be effecting quite a few. I too was hacked by turkish hackers a few weeks back. I don't run a shoutbox so I know it wasn't that

Just when I thought all was lost..I did a bit of investing through Cpanel.

I went in to the index.php ( as well as all the other pages) and they only messed with index.php. ( this is where hacked by blah blah...)
I went to a test site I have for trying new mods, scripts, etc.

copied the whole index.php and pasted it on to the hacked and voila! all was fixed.

while in Cpanel I noticed that I had left my permissions at 777 on settings.php ( as well as a few others that I can't recall darn it!), don't know if that had anything to do with it, but I haven't had  problems since...

[Jump1979man]

I have been getting A LOT of those hacker types trying to register on my site lately.....you can tell by the email they use.....*@gawab.com or *@gawab.ru

most use those but some dont.....

they dont ever actually confirm their email to register and they apparently cant hack the shoutbox anymore due to security fixes....

so I have just been deleting these accounts when I see them.

[IchBin]

If it was through the server not even TP V.095 would have helped you, and keep your index,php file tight on the permission, i would have mailed my host and really asked about their security 

Thats exactly what anyone should do is contact their host.

[RoarinRow]

If it was through the server not even TP V.095 would have helped you, and keep your index,php file tight on the permission, i would have mailed my host and really asked about their security 

Thats exactly what anyone should do is contact their host.

My host was clueless. 

[Jpg]

Do a whois lookup on the website. You'll get all the owners private information and everything you need to sue em or get their website...well you know.

[bloc]

If it was through the server not even TP V.095 would have helped you, and keep your index,php file tight on the permission, i would have mailed my host and really asked about their security 

Thats exactly what anyone should do is contact their host.

My host was clueless. 

Do you run just SMF+TP? Any other scripts..?

[RoarinRow]

If it was through the server not even TP V.095 would have helped you, and keep your index,php file tight on the permission, i would have mailed my host and really asked about their security 

Thats exactly what anyone should do is contact their host.

My host was clueless. 

Do you run just SMF+TP? Any other scripts..?

Just SMF + TP, but I also have Coppermine Photo Gallery and FlashChat.

What should my index.php by chom'd too?

[IchBin]

I think to should probably be safe with 755 which makes it only writeable by the owner.

[Svaha]

I've chmodded my index.php to 444 (only readable) as I do for settings.php

I've read somewhere else that sometimes hackers execute a php script in directories where you keep your image files, this can be prevented by placing and htaccess file in these directories

[Svaha]

This was posted by bandit-x on the xoops forum :

for my uploads directory i got something like
:
Quote:
Order Deny,Allow
Deny from all
<FilesMatch "\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>

only the .gif .jpg .jpeg and .png image files are web accessible in that directory. the rest of the files in that directory get a 404