FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Installation Issues » FudForum Hacked again and again... (How can I make my install more secure?)
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
FudForum Hacked again and again... [message #38087] Tue, 17 July 2007 15:42 Go to next message
chippyminton is currently offline  chippyminton   United Kingdom
Messages: 4
Registered: July 2007
Location: London
Karma: 0
Junior Member
My install of FudForum 2.7.6 has been hacked into 3 times in the last 3 months!
The index.php file inside of the forum web directory keeps getting replaced with the hackers one. I have the forum files 'locked', but it makes no difference. My hosting provider tells me that because the ownership of the forum files is set to 99 (i.e.the web server) it is unsecure and open to hacking. Is this true? My hosting is 'virtual' so there are many other sites hosted on the same server.

can the ownership of forum files be changed to something else?
I love the ease of use with FudForum and don't want to have to change to another script Sad

Thanks for any info

Charles

Re: FudForum Hacked again and again... [message #38088 is a reply to message #38087] Tue, 17 July 2007 23:38 Go to previous messageGo to next message
Ilia is currently offline  Ilia   
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
On a non-secure PHP setup on a virtual host (without open_basedir) other users on the machine could modify the forum files, simply because they are owned by the web server user. Because they are created by the web server, subsequently any PHP script running on the server could modify the file.

FUDforum Core Developer
Re: FudForum Hacked again and again... [message #38096 is a reply to message #38088] Wed, 18 July 2007 14:48 Go to previous messageGo to next message
chippyminton is currently offline  chippyminton   United Kingdom
Messages: 4
Registered: July 2007
Location: London
Karma: 0
Junior Member

So should i ask my host provider to activate 'open_basedir'?
or is this not possibe under 'virtual hosting'?

thanks

C
Re: FudForum Hacked again and again... [message #38100 is a reply to message #38096] Wed, 18 July 2007 22:55 Go to previous message
Ilia is currently offline  Ilia   
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Your host needs to do this.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Upgrade: 2.7.3 > 2.7.6 ?
Next Topic: Failed decompressing
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 07:18:06 GMT 2024

Total time taken to generate the page: 0.02915 seconds