My cms site got hacked today - how can i prevent this?
Posted: Wed Jul 09, 2008 8:38 pm
I was informaed today that my site was being flagged as holding a virus.
Sure enough, a peice of code had been installed in the template files below tag. Have removed it now.
To be honest this did happen once before and someone on here advised me to upgrade to the latest release of cms.
Firstly, I was wondering if its possible that Ive set in-secure permissions - if so how could i check this and what would be the files to check?
Second, if upgrading is the only way to go, I will do that, but wouldnt mind confirming I am taking the correct procedure - when I backup my sql database (through 1and1 sql administration) there are alot of options such as:
add drop table
add if not exists
complete inserts
extended inserts
etc
Which are not ticked by default, so wondering if i need to tick these?
And then I take it I will find a guide to upgrade in documentation on this site...?
thanks in advance for help!
Sure enough, a peice of code had been installed in the template files below tag. Have removed it now.
To be honest this did happen once before and someone on here advised me to upgrade to the latest release of cms.
Firstly, I was wondering if its possible that Ive set in-secure permissions - if so how could i check this and what would be the files to check?
Second, if upgrading is the only way to go, I will do that, but wouldnt mind confirming I am taking the correct procedure - when I backup my sql database (through 1and1 sql administration) there are alot of options such as:
add drop table
add if not exists
complete inserts
extended inserts
etc
Which are not ticked by default, so wondering if i need to tick these?
And then I take it I will find a guide to upgrade in documentation on this site...?
thanks in advance for help!
, start in the first page of myphpadmin and in the left hit the name of the DB and it should show all the rows/columns then at the bottom hit select all then at the top hit export and you should see all of them highlighted don't check anything just leave it all default then in the bottom after it says some thing about _DB_ check zip or the other one not file and you should be good to go...