That is correct Hexosphere. Cassie, WHUK servers are constantly optimized for the best security, hence why FP extensions were removed a while ago; even features which could even give a glimpse of a fail sign are likely to be removed. Nobody implied that it was indeed your fault, you should not take offense to something that hasn't been said.
Bearing in mind that SQL injections, with forum software that is both in-dated and out-dated can easily be affected by this, mainly with the free forums. May I ask what website you are referring to?
Announcement
Collapse
No announcement yet.
Hacked sites and Filezilla
Collapse
X
-
Originally posted by Cassie View PostAfter that post I spent days virus, malware, spyware etc. checking and found absolutely nothing on any of the 4 computers I use.
All passwords are in my head - they are not saved in any FTP programmes, including frontpage, on any of my computers.
Therefore the only logical weak link is potentially your servers and I take offence to to you implying it was my fault when it obviously wasn't.
Hopefully this has given you a heads up to check your security.
With the above in mind, the phrase 'the only logical weak link .....' can be a bad thing to jump into feet first, mainly because forum software (most software has flaws, it's just a case of finding them), can be very susceptible to hijacking of various kinds, the only way to stay ahead is to ensure that you are upto date with any maintenance patch releases from the vendor (this could be the forum software, a new version of php, or even a MySQL update that prevents injections), and if a hole has been found but no patch released, then turn it off until such time as a patch is released.
From what I have read on this thread, no one implied, nor suggested that it was your fault. It was mainly an aim at a guideline for anyone that may stumble upon this thread in the future. Storing passwords is a bad thing on any machine, mainly due to an attacker only needing to gain access to 'that' machine in order to access others. The only thing that I have read on this thread, is helpful hints to people that may not be as savvy as say yourself, on what should / shouldn't be done.
A good suggested read would be the hackers handbook, and teach yourself the same techniques that these people use to enter your site.Last edited by Hexosphere; 20-08-09, 10:19 PM.
Leave a comment:
-
After that post I spent days virus, malware, spyware etc. checking and found absolutely nothing on any of the 4 computers I use.
All passwords are in my head - they are not saved in any FTP programmes, including frontpage, on any of my computers.
Therefore the only logical weak link is potentially your servers and I take offence to to you implying it was my fault when it obviously wasn't.
Hopefully this has given you a heads up to check your security.
Leave a comment:
-
Never ever save your FTP passwords in any of the FTP programs you use. Your website will get hacked if you save your FTP passwords in a FTP software on a windows machine. You won't loose your FTP information untill and unless you get some sort of Virus on your computer.
If you are using Frontpage and if you create profile for auto-connect then your website will get hacked once your computer gets infected by a virus program.
We have seen such thing happening with websites of many customers and there's nothing much we can do to help them. If a hacker gets connected to your FTP account in one go then there's no way our server can stop the hacker from defacing your website.
Leave a comment:
-
I only said about the forum because one of the posts said NO forums had been affected.
I don't need your pity - I have since found out it was nothing to do with Frontpage.
Martin said he had fixed the site but when I checked there was still 2 directories in there that had the hackers information in it. They have now been deleted properly.
All passwords were strong but have been changed to be stronger.
Leave a comment:
-
Originally posted by Cassie View PostSorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.
Originally posted by Cassie View PostHe said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.
Originally posted by Cassie View PostI use frontpage because I am not a qualified webdesigners - I am just a crafter with a website. I don't understand all the bits I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.
Can anyone explain further what has happened?
If you are on a Windows server you should be ok for a while. If on Linux you'll have to accept that you use FP at your own risk.
Yes I feel sorry for people like you and my client who have invested time and money in this product but perhaps this will give you some idea why M$ is despised by so many people.
Leave a comment:
-
Sorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.
Chat apparently sorted it last night (thanks Martin) by rolling to a backup but I have not had chance to check anything yet.
He said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.
I use frontpage because I am not a qualified webdesigners - I am just a crafter with a website. I don't understand all the bits I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.
Can anyone explain further what has happened?
Leave a comment:
-
Fair enough black-dogas I say if you want a hand (even though I'm not that smart) I'll be happy to do that. Good luck with the issue though and I hope you did not take umbrage at me suggesting it was an error on your part - only a possibility as I know too I've made errors too myself and it is not till someone points it out, that you even realise there is a problem
Best wishes
MrTWS
Leave a comment:
-
Originally posted by MrTWS View PostI hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming
Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help)
Leave a comment:
-
I hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming
Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help)
Leave a comment:
-
Well in my opinion, the two FTP programs that come preinstalled with cPanel are more likely to have flaws than Filezilla.
I'm not sure where Alan got his sources from?
Leave a comment:
Leave a comment: