We were hacked in our SMF, with TP.

Started by GeofMauser, September 08, 2006, 09:59:00 PM

Techdomain

Yes - hate to tell you, but if they have gotten to your htaccess, then they have most likely not gotten in through TP... or SMF. If they have, I bet it's because your passwords are the same for server access, database, site admin etc etc...

Skhilled

Hackers can also gain access through rootkits and trojans placed on your pc. These can harvest your server and other passwords and links to your sites.

If your site is repeatedly hacked even though your password has been changed, you'll need to run various types of anti-spyware and virus programs to try to get rid of them. Remember, not all programs will detect all viruses, spyware, etc. Using different ones while in Safe Mode (if using Windows) will work best.

capranero

...and after the TP mod was applied, the forum main index.php permission became 777 - which also goes for all the subdirectories in the forum root folder :knuppel2:... Is that really as it should :o?? That is why I still find it important to make a (small) issue out of it here too, not on the SMF site alone...

O yes, I've been around much too long not to be aware of the issues/arguments between script builders and host owners, so I know what you mean Bloc. And I also follow your idea about the hacker entering into the site through the backdoor, so to say...

BUT, I also know I have spent more than 10 hours by now helping my cousin out, really eager not to breach the host owner's file permission conventions... But, that of course is sometimes hard since the scripts won't work properly then... :buck2:

So, the bottom line for me as an end user to the host owner as well as to you devs is just a cry for some common sense about not who to blame but how to reduce the security issues as much as possible. Because after all, nothing much would be the consequences of a hacker's attack on a host if there were nothing much he could do due to a restricted set of permissions. Right? And leaving e.g. the index.php file in a 777 state in the mod install process of TP won't help it up - right?

Thanks for your concern.


capranero

Quote from: Skhilled on October 20, 2007, 01:13:10 PM
Hackers can also gain access through rootkits and trojans placed on your pc. These can harvest your server and other passwords and links to your sites.

If your site is repeatedly hacked even though your password has been changed, you'll need to run various types of anti-spyware and virus programs to try to get rid of them. Remember, not all programs will detect all viruses, spyware, etc. Using different ones while in Safe Mode (if using Windows) will work best.

Thanks, I heard of this. But it's not my (or my cousin's) server. And the host owner says it's just my cousin's account that generates attacks - or at least attack attempts. As it seems, someone tries to reach files that don't exist anymore on the account since everything was moved to a new account. So someone, but probably a script somewhere else, tries to run files that were "planted" on a previous occasion...

capranero

Quote from: JRW on October 20, 2007, 01:04:10 PM
Yes - hate to tell you, but if they have gotten to your htaccess, then they have most likely not gotten in through TP... or SMF. If they have, I bet it's because your passwords are the same for server access, database, site admin etc etc...

Mmm, but it's probably not someone that has changed the htaccess file, but the SMF install?! And of course separate passwords are used...

G6Cad

As I said before, the folders with 777 permissions are not something hackers can do anything through, look at the htaccess files and you will see that ALL of them have 644.

Have you been to SMF and filled in the hack report they have? There is no use in posting about it here on this site.

capranero

Quote from: G6 on October 20, 2007, 02:59:48 PM
As I said before, the folders with 777 permissions are not something hackers can do anything through, look at the htaccess files and you will see that ALL of them have 644.


Ehh, maybe so from the http outside but what about the inside?

Quote
Have you been to SMF and filled in the hack report they have?

About to it... My cousin is away on a holiday trip and there's a bunch of emails/msn's from worried forum users to take care of... Yes, I'll do it.

G6Cad

Quote
Ehh, maybe so from the http outside but what about the inside?

Exactly, INSIDE the server side, not the portal front side.

capranero

Quote from: G6 on October 20, 2007, 03:44:34 PM
Quote
Ehh, maybe so from the http outside but what about the inside?

Exactly, INSIDE the server side, not the portal front side.

Yes, but now YOU may miss MY point of view - and that is to not serve the presumptive user from inside with too generous permissions...

IchBin

The only time 777 becomes an issue is if someone somehow gains access to the inside of the server. If you feel there's a security breach through your site I would highly suggest you take it to the Devs for SMF via http://www.simplemachines.org/about/security.php
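
The permission state argued over in this thread (index.php and the forum's subdirectories at 777, .htaccess at 644) can be checked from a shell on the hosting account. The script below is an added example, not part of any post above and not SMF or TinyPortal code; the function names, the sample tree and the 755/644 baseline are assumptions, and that baseline only suits hosts where PHP runs as the account owner.

```shell
# Added example: find what "the inside" of a shared host could modify in a forum root.

# List every file and directory under $1 with the "other" write bit set
# (777, 666, 757, ...). Symlinks are skipped: their own mode is not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print one line per finding; return non-zero if anything was found.
audit_forum_root() {
    findings=$(world_writable "$1")
    if [ -z "$findings" ]; then
        echo "OK: nothing under $1 is world-writable"
        return 0
    fi
    echo "$findings" | while IFS= read -r path; do
        if [ -d "$path" ]; then
            echo "DIR  $path (local accounts that can reach it may add or delete files)"
        else
            echo "FILE $path (local accounts that can reach it may overwrite it)"
        fi
    done
    return 1
}

# Assumed baseline: 755 for directories, 644 for files. Only entries that were
# world-writable are changed; everything else keeps its current mode.
tighten() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Constructed sample tree mirroring the thread: index.php and subdirectories
# at 777, .htaccess and Settings.php at 644.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/Themes" "$d/attachments"
    : > "$d/index.php"; : > "$d/.htaccess"; : > "$d/Settings.php"
    chmod 777 "$d/index.php" "$d/Themes" "$d/attachments"
    chmod 644 "$d/.htaccess" "$d/Settings.php"
    chmod 755 "$d"
    echo "$d"
}

# Usage: sh audit.sh /path/to/forum
if [ "$#" -gt 0 ]; then audit_forum_root "$1"; fi
```

Run the audit before and after installing a mod to see which modes the installer changed; directories the forum must write to (attachments, cache) may need a wider mode on hosts where PHP runs as a separate web-server user.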
