Results 1 to 9 of 9

Thread: Hacked - How?

  1. #1

    Hacked - How?

    Hey,

    Just curious as to how a "prat" managed to hack my site, deface the homepage and takeover my hosting account. Is it the servers fault for not having good protection?

    I now have it back, host were very helpful indeed. They put the site back up within the hour after i reported it at their helpdesk.

    << domain removed >>, any of you could look over my site and see if there are any holes on my site, or its just the servers protection.

    any replies appreciated

    thanks
    Last edited by the_pm; 07-17-2007 at 08:28 PM.

  2. #2
    Join Date
    Mar 2005
    Posts
    361
    Maybe phpbb? whats the portal you are using?

    Be sure to have the latest updates;

  3. #3
    i use joomla. How would they hack through phpbb?

    Thanks

  4. #4
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Is it the servers fault for not having good protection?
    It's not the server's responsibility to update your website.
    It's not the server admin's responsibility to ensure your website secure.
    While there are steps that admins can take to secure a server (ie: disabling php functions, phpsuexec, etc), these steps will most often disable useful php functionality, and disable more sites than it's worth.

    In the end, security is equally the responsibility of the server admin and the site owner. Without the site owner updating their software and ensuring things are secure on THEIR end, the server admin has no chance to fully secure a server.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  5. #5
    The latest version of phpBB is 2.0.21 and does contain quite a few security updates for that release. Be sure to remove all of your doc and install folders as they contain information about which version of phpBB you're using and password protect your admin panel with Apache's htaccess. These are some of the basic things I do when I set up a phpBB forum.
    ServerTweak Networks, LLC >> ServerTweak.com
    Experience the fastest network and superior servers, feel the power of ServerTweak!
    Fremont, CA DataCenter | Dedicated Servers | Colocation | Cross Connects HE.net | 1/4 - Full Cab Sales

  6. #6
    Join Date
    Oct 2006
    Location
    uk
    Posts
    448
    joomla gets hacked very easily...i had a joomla site got hacked in a week. changed cms after that...

  7. #7
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    From a quick Google, the phpBB component for Joomla appears to be a modified version of phpBB with the latest release I found dated October 2005. phpBB has released security updates since then, the latest in June 2006. So it seems quite likely that the phpBB component would be vulnerable to some of the exploits published for earlier versions.

    Bottom line: you are responsible for keeping all applications you install up to date. If the necessary updates aren't being released for a particular application you need to patch it yourself or dump it and choose something else.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  8. #8
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    Quote Originally Posted by doc_flabby
    joomla gets hacked very easily...i had a joomla site got hacked in a week. changed cms after that...
    Joomla core appears to me quite stable and well-maintained, although of course you need to keep it updated like any other app. Joomla 3rd party components however are in many cases badly written and maintained - most exploits work on vulnerabilities in these components not Joomla itself.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  9. #9
    Join Date
    Nov 2006
    Posts
    168
    I found a post regarding Joomla, that may help, it basically discusses that some modules are not secure.

    Brief Quote: There has been an increase in hacker activity with Joomla! based sites. However, the security issues are not related to Joomla! core itself, but to the 3rd party add-ons installed to the system by the users.
    Visit: http://www.joomlaya.com/content/view/482/46/

    I think it is very important to keep up to date with all new releases, as they fix many known vulnerabilities. Basically everything has flaws, the reason I like bigger cms such as Joomla is because chances are holes get fixed alot quicker than unknown cms. Tightening your php settings may help as well. Just my thoughts.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •