i have been hacked totally

[Guest]

Ok I have learnt the hard way my site has been totally hacked.

 

I have had to del it totally...

I am now reinstalling it...

luck I had a back up from yesterday...

 

Please let me know the best way to secure the total website or a link to were I can read up on WEB SITE SECURITY for OSC

 

Whats the chmod supposed to be once install is done ?

this guy had a folder maned tmp6 and subfolders in there with tons of file and (I COULD NOT DEL THEM AT ALL) ......

 

Please help :)

[♥Biancoblu]

sorry you've been hacked. :(

 

Read this thread, lots of useful advice:

Hacker warning

 

Install this contribution to check changes in your files:

Site Monitor

 

These are useful as well:

IP Trap

 

Anti XSS

 

htaccess protection

 

Isabella

[germ]

When I went thru a minor hacking experience a few months back I had trouble with the files.

 

It was because the hack had reset the ownership of the files to someone other than me. In my case it was "root" (the highest account on the server).

 

I had to get help from my Host to reset the file ownership back to my account so I could deal with them.

 

From what you're describing you'll need to do the same.

 

The only other thing I'd suggest checking is make sure the file(s) aren't set to "read only". If it's set to "read only" you won't be able to delete it even if you are the file owner.

[Dennisra]

It was because the hack had reset the ownership of the files to someone other than me. In my case it was "root" (the highest account on the server).

 

Then the hacker had to be logged in as root to change files to root ownership. Which leads me to believe that your SERVER was hacked and your website altered as a consequence. Therefore, the real problem is the security for your server not OSC. Talk with your host. They can check the server logs and see all logins as root.