My forum got hacked
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=25730
Printed Date: 03 April 2026 at 4:05pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: My forum got hacked
Posted By: Andreas.E
Subject: My forum got hacked
Date Posted: 16 May 2008 at 12:30pm
|
I all Recently i
installed my forum on a subdomain.. and upgraded to the 9.50 version for MSSQL.
Five min ago the site, where the forum is located got hacked. The persons
behind the attack only replaced the default file for the forum, and im running
daily backups so its no problem. But what I start
to wonder, is it an easy way in to my folders via the structure and design of
the forum, or how its coded? Any advise
regarding improving the security on a general basis is highly appreciated. Note..
that this is not criticism against Bruce
or the team behind the software. Its just a curious question? |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 16 May 2008 at 12:43pm
|
We are very particular about ensuring the software is secure and check security sites almost daily and if any secure hole, no matter how small, is found we generally have a fix out for it with 2 hours of being made aware of the issue. At the present time we are not aware of any vulnerabilities in the present version and the only way to be sure of how this was done is to look at your website log files. You have not mentioned what version you upgraded from, it could be that you were running an old version 7 before which did have a number of security vulnerabilities and the hacker may have used this older version to upload a file that gives him/her a back door to your site to change files. What you should do is:- 1. Make sure that you ONLY have read, write and modify permissions on the 'upload' directory. The rest of your site should have 'read' only permissions, this prevents hackers from defacing your web site. 2. Check that there is not an unsafe file and image upload type in your forums upload settings (things like .asp, .php, .aspx, etc. should not be permitted as upload types). Towards the end of version 7 this was changed so that the admin can only permit 'safe' upload file types when configuring upload settings. 3. Check your entire site for any files that shouldn't be there. The hacker may have placed a file on your site that allows then access to your web sites files. 4. Make sure that you always keep up-to-date and running the latest versions of any software, like Web Wiz Forums, that you have running on your web site. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Andreas.E
Date Posted: 20 May 2008 at 7:28am
This was
the way in… And thank you Bruce for clarifying the topic |
WebWiz-Bruce wrote: