MAXdev

MDPro bugs, suggestions, ideas - MDPro Lite 1.082 Hacked

mats0916 - Jan 21, 2008 - 06:49 AM
Post subject: MDPro Lite 1.082 Hacked
Gents,

Not much activity in the forums nowadays. Since December I have had several attempts to get my site hacked. The first attempts were done on a 1.0.76 install. Last week I updated to 1.0.82 and today the site was hacked again. In all cases it seems the MySQL database had been compromised. As far as I can see, the permissions at the site are set as they should be. I have changed the db user and password and made sure md-config.php is encrypted and read only for others. My web hosting company is www.ixwebhosting.com.

What further measures can be taken to secure an MDPro site? Is there any documentation about this? Overall I find the documentation for 1.0.8x a little bit lacking.

My site address is www.vdispatch.ca and information about the server can be found at www.vdispatch.ca/phpinfo.php

Thanks in advance for any help in this matter,
Mats Johansson
mats0916 - Jan 21, 2008 - 07:10 AM
Post subject:
Oh, and further, one of the first things I did was to add the security fix 070917 (pnuserapi.php in Topics). It did not seem to help on the 1.0.76 installation and I do not know if this is needed for a 1.0.82 installation; I have not found anything in the docs.
TiMax - Jan 21, 2008 - 05:54 PM
Post subject:
What about your logs?
NEVER install an old fix; fix 070917 is an old fix for 1.076... if you install it in 1.082 maybe you can break your installation.
So, we need info from your logs, otherwise we can't help you.
mats0916 - Jan 21, 2008 - 11:38 PM
Post subject:
TiMax,

Thanks for replying. After further investigations it turned out I got several mails from MDPro about hacking attempts (Sent to a mail box not forwarded...rerouted now). From those emails I gained the IP addresses (2 different) and blocked them from the site. It also looked like the admin user account was compromised (probably since my 1.0.76 installation) so I changed admin account and deleted the old one. Late yesterday evening I could see in my site logs both addresses were trying to get access again but were effectively 403'd. Let's see how good they are...

I have also deleted the pnuserapi.php fix. Thanks for the heads up.

Oh. And the abusing IP addresses have of course been reported to the respective ISP.
All times are GMT + 13 Hours