Recent hacks and vulnerabilities

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
sponna
Forum Members
Posts: 15
Joined: Fri Jan 04, 2008 8:04 pm

Re: Recent hacks and vulnerabilities

Post by sponna »

Hello,

Just for clarification on the previous point, do we delete the java postlet or is it ok sat in there please? It looks like the associated php files have been "nuked" to delete their content during the "diff" overwrite - does this effectively render the java postlet safe?

Thanks
Dave
cyberman

Re: Recent hacks and vulnerabilities

Post by cyberman »

If you want a more secure install I suggest - delete it.
EGS
Forum Members
Posts: 66
Joined: Sat Apr 28, 2007 4:25 am

Re: Recent hacks and vulnerabilities

Post by EGS »

To make it more simple for CMSMS users, I would suggest scheduling daily, weekly, and/or monthly back-ups with your web hosts - depending on how frequently you update your site's content.

I automatically back-up all of my sites daily to a shared hosting account, for example. This way, if a hacker does get in, you can simply restore it back to the last back-up file you have, and then change the database name, username, and password, then update the config file, and not have to go through all of the trouble that calguy listed.

Though...if you aren't making back-ups etc, you will have to follow calguy's steps.
EGS provides MMORPG services for WoW, FFXI, FFXIV, AION, Warhammer Online, Age of Conan, RuneScape, Guild Wars, Maple Story, Cabal Online, as well as most other free-to-play MMORPGs.

Our site is *proudly* powered by CMS Made Simple. :D

CMS Made Simple isn't just simple, it's ridiculously powerful, and suitable for virtually any site and niche. It easily allows us to maintain our site, which receives about 5,000 unique visitors per day.
Pierre M.

Re: Recent hacks and vulnerabilities

Post by Pierre M. »

xmas3 wrote: Last week a few of my sites based on CMS MS 1.2.x were hacked.
...I can send you the script if needed.
The crackers' script isn't interesting: what is very interesting is the HTTP logS of its attack. Knowing the attack makes it possible to strengthen the hardening of the filtering rules in the "small security guide".

Pierre M.
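
The log review suggested in the post above, as an added example that is not part of the original thread: given the path of a script found on disk, it pulls every request made by the clients that touched it and lists the successful POSTs that came before the first hit, which is where the entry point usually shows. The log lines, hosts and paths are constructed, and the Apache combined log format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format; all hosts and paths are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2008:03:11:58 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2008:03:12:40 +0000] "POST /example/upload-handler.php HTTP/1.1" 200 312 "-" "-"',
    'garbage line that is not a log entry',
    '198.51.100.7 - - [10/Jan/2008:03:12:44 +0000] "GET /uploads/dropped.php HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.7 - - [10/Jan/2008:03:13:02 +0000] "POST /uploads/dropped.php?a=1 HTTP/1.1" 200 1024 "-" "-"',
]
DROPPED = "/uploads/dropped.php"  # hypothetical path of the script found on disk

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def is_hit(entry, dropped_path):
    """True if the request targets dropped_path, ignoring any query string."""
    return entry["path"].split("?", 1)[0] == dropped_path

def attack_trail(lines, dropped_path):
    """Return {client: [its requests in log order]} for clients that requested dropped_path."""
    by_host = defaultdict(list)
    for entry in parse(lines):
        by_host[entry["host"]].append(entry)
    return {h: es for h, es in by_host.items()
            if any(is_hit(e, dropped_path) for e in es)}

def entry_candidates(trail, dropped_path):
    """Per client: paths of successful POSTs made before its first hit on dropped_path."""
    out = {}
    for host, entries in trail.items():
        first = next(i for i, e in enumerate(entries) if is_hit(e, dropped_path))
        out[host] = [e["path"] for e in entries[:first]
                     if e["method"] == "POST" and e["status"].startswith("2")]
    return out

if __name__ == "__main__":
    trail = attack_trail(SAMPLE_LOG, DROPPED)
    for host, paths in entry_candidates(trail, DROPPED).items():
        print(host, "reached the script after POSTing to:", paths)
```

The paths it reports are the ones to cover with filtering rules; run it over the rotated logs as well, since the first request may predate the current file.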