Results 1 to 9 of 9
Thread: Hacked - How?
-
11-17-2006, 02:04 PM #1New Member
- Join Date
- Nov 2006
- Posts
- 4
Hacked - How?
Hey,
Just curious as to how a "prat" managed to hack my site, deface the homepage and takeover my hosting account. Is it the servers fault for not having good protection?
I now have it back, host were very helpful indeed. They put the site back up within the hour after i reported it at their helpdesk.
<< domain removed >>, any of you could look over my site and see if there are any holes on my site, or its just the servers protection.
any replies appreciated
thanksLast edited by the_pm; 07-17-2007 at 08:28 PM.
-
11-17-2006, 02:11 PM #2Aspiring Evangelist
- Join Date
- Mar 2005
- Posts
- 361
Maybe phpbb? whats the portal you are using?
Be sure to have the latest updates;
-
11-17-2006, 02:23 PM #3New Member
- Join Date
- Nov 2006
- Posts
- 4
i use joomla. How would they hack through phpbb?
Thanks
-
11-17-2006, 07:28 PM #4Is it the servers fault for not having good protection?
It's not the server admin's responsibility to ensure your website secure.
While there are steps that admins can take to secure a server (ie: disabling php functions, phpsuexec, etc), these steps will most often disable useful php functionality, and disable more sites than it's worth.
In the end, security is equally the responsibility of the server admin and the site owner. Without the site owner updating their software and ensuring things are secure on THEIR end, the server admin has no chance to fully secure a server.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
11-17-2006, 07:41 PM #5Junior Guru Wannabe
- Join Date
- Jun 2006
- Posts
- 67
The latest version of phpBB is 2.0.21 and does contain quite a few security updates for that release. Be sure to remove all of your doc and install folders as they contain information about which version of phpBB you're using and password protect your admin panel with Apache's htaccess. These are some of the basic things I do when I set up a phpBB forum.
ServerTweak Networks, LLC >> ServerTweak.com
Experience the fastest network and superior servers, feel the power of ServerTweak!
Fremont, CA DataCenter | Dedicated Servers | Colocation | Cross Connects HE.net | 1/4 - Full Cab Sales
-
11-17-2006, 08:59 PM #6Aspiring Evangelist
- Join Date
- Oct 2006
- Location
- uk
- Posts
- 448
joomla gets hacked very easily...i had a joomla site got hacked in a week. changed cms after that...
Rediscover online gaming Get Continuum / Subspace | Play Trenchwars
-
11-17-2006, 09:34 PM #7Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
From a quick Google, the phpBB component for Joomla appears to be a modified version of phpBB with the latest release I found dated October 2005. phpBB has released security updates since then, the latest in June 2006. So it seems quite likely that the phpBB component would be vulnerable to some of the exploits published for earlier versions.
Bottom line: you are responsible for keeping all applications you install up to date. If the necessary updates aren't being released for a particular application you need to patch it yourself or dump it and choose something else.Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
11-17-2006, 10:03 PM #8Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
Originally Posted by doc_flabbyChris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
11-17-2006, 10:03 PM #9WHT Addict
- Join Date
- Nov 2006
- Posts
- 168
I found a post regarding Joomla, that may help, it basically discusses that some modules are not secure.
Brief Quote: There has been an increase in hacker activity with Joomla! based sites. However, the security issues are not related to Joomla! core itself, but to the 3rd party add-ons installed to the system by the users.
I think it is very important to keep up to date with all new releases, as they fix many known vulnerabilities. Basically everything has flaws, the reason I like bigger cms such as Joomla is because chances are holes get fixed alot quicker than unknown cms. Tightening your php settings may help as well. Just my thoughts.