FUDforum: FUDforum Installation Issues » FudForum Hacked again and again...

Home » FUDforum » FUDforum Installation Issues » FudForum Hacked again and again... (How can I make my install more secure?)

Show: Today's Messages :: Polls :: Message Navigator

FudForum Hacked again and again... [message #38087]

Tue, 17 July 2007 15:42

chippyminton

Messages: 4
Registered: July 2007
Location: London

Karma: 0

Junior Member

My install of FudForum 2.7.6 has been hacked into 3 times in the last 3 months!
The index.php file inside of the forum web directory keeps getting replaced with the hackers one. I have the forum files 'locked', but it makes no difference. My hosting provider tells me that because the ownership of the forum files is set to 99 (i.e.the web server) it is unsecure and open to hacking. Is this true? My hosting is 'virtual' so there are many other sites hosted on the same server.

can the ownership of forum files be changed to something else?
I love the ease of use with FudForum and don't want to have to change to another script Sad

Thanks for any info

Charles

Report message to a moderator

Re: FudForum Hacked again and again... [message #38088 is a reply to message #38087]

Tue, 17 July 2007 23:38

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

On a non-secure PHP setup on a virtual host (without open_basedir) other users on the machine could modify the forum files, simply because they are owned by the web server user. Because they are created by the web server, subsequently any PHP script running on the server could modify the file.

FUDforum Core Developer

Report message to a moderator