Joined: May 06, 2006
Posts: 10
Location: Canada
Member
Posted: Jan 21, 2008 - 07:49 AM
Post subject: MDPro Lite 1.082 Hacked
Gents,
Not much activity in the forums nowadays. Since December I have had several attempts to get my site hacked. The first attempts were done on a 1.0.76 install. Last week I updated to 1.0.82 and today the site was hacked again. In all cases it seems the MySQL database had been compromised. As I can see the permissions at the site are set as they should. I have changed the db user and password and made sure md-config.php is encrypted and read only for others. My web hosting company is www.ixwebhosting.com.
What further measures can be taken to secure an MDPro site? Is there any documentation about this? Overall I find the documentation for 1.0.8x a little bit lacking.
Thanks in advance for any help in this matter,
Mats Johansson
_________________ An expert is someone who learns more and more about less and less.
Eventually the expert will know everything about nothing.
Cheers,
Mats J
mats0916 New MD user
Joined: May 06, 2006
Posts: 10
Location: Canada
Banned
Posted: Jan 21, 2008 - 08:10 AM
Oh, and further, one of the first things I did was to add the security fix 070917 (pnuserapi.php in Topics). It did not seem to help on the 1.0.76 installation and I do not know if this is needed for a 1.0.82 installation; I have not found anything in the docs.
Cheers,
Mats J
TiMax Project Manager
Joined: July 31, 2003
Posts: 1560
Location: Quebec - Canada
Posted: Jan 21, 2008 - 06:54 PM
What about your logs?
NEVER install an old fix; fix 070917 is an old fix for 1.076 ... if you install it in 1.082 maybe you can break your installation.
So, we need info from your logs, otherwise we can't help you.
_________________ TiMax, MAX s.o.s. Italian imagination and dynamism, Canadian quality and service. Professional web services, hosting and housing
mats0916 New MD user
Joined: May 06, 2006
Posts: 10
Location: Canada
Banned
Posted: Jan 22, 2008 - 12:38 AM
TiMax,
Thanks for replying. After further investigations it turned out I got several mails from MDPro about hacking attempts (Sent to a mail box not forwarded...rerouted now). From those emails I gained the IP addresses (2 different) and blocked them from the site. It also looked like the admin user account was compromised (probably since my 1.0.76 installation) so I changed admin account and deleted the old one. Late yesterday evening I could see in my site logs both addresses were trying to get access again but were effectively 403'd. Let's see how good they are...
I have also deleted the pnuserapi.php fix. Thanks for the heads up.
Oh. And the abusing IP addresses have of course been reported to the respective ISPs.