Guest Posted August 15, 2008 Share Posted August 15, 2008 Ok I have learnt the hard way my site has been totally hacked. I have had to del it totally... I am now reinstalling it... luck I had a back up from yesterday... Please let me know the best way to secure the total website or a link to were I can read up on WEB SITE SECURITY for OSC Whats the chmod supposed to be once install is done ? this guy had a folder maned tmp6 and subfolders in there with tons of file and (I COULD NOT DEL THEM AT ALL) ...... Please help :) Link to comment Share on other sites More sharing options...
♥Biancoblu Posted August 15, 2008 Share Posted August 15, 2008 sorry you've been hacked. :( Read this thread, lots of useful advice: Hacker warning Install this contribution to check changes in your files: Site Monitor These are useful as well: IP Trap Anti XSS htaccess protection Isabella ~ Don't mistake my kindness for weakness ~ Link to comment Share on other sites More sharing options...
germ Posted August 15, 2008 Share Posted August 15, 2008 When I went thru a minor hacking experience a few months back I had trouble with the files. It was because the hack had reset the ownership of the files to someone other than me. In my case it was "root" (the highest account on the server). I had to get help from my Host to reset the file ownership back to my account so I could deal with them. From what you're describing you'll need to do the same. The only other thing I'd suggest checking is make sure the file(s) aren't set to "read only". If it's set to "read only" you won't be able to delete it even if you are the file owner. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dennisra Posted August 16, 2008 Share Posted August 16, 2008 It was because the hack had reset the ownership of the files to someone other than me. In my case it was "root" (the highest account on the server). Then the hacker had to be logged in as root to change files to root ownership. Which leads me to believe that your SERVER was hacked and your website altered as a consequence. Therefore, the real problem is the security for your server not OSC. Talk with your host. They can check the server logs and see all logins as root. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.