FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Installation Issues » FudForum Hacked again and again... (How can I make my install more secure?)
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
FudForum Hacked again and again... [message #38087] Tue, 17 July 2007 11:42 Go to next message
chippyminton is currently offline  chippyminton   United Kingdom
Messages: 4
Registered: July 2007
Location: London
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
My install of FudForum 2.7.6 has been hacked into 3 times in the last 3 months!
The index.php file inside of the forum web directory keeps getting replaced with the hackers one. I have the forum files 'locked', but it makes no difference. My hosting provider tells me that because the ownership of the forum files is set to 99 (i.e.the web server) it is unsecure and open to hacking. Is this true? My hosting is 'virtual' so there are many other sites hosted on the same server.

can the ownership of forum files be changed to something else?
I love the ease of use with FudForum and don't want to have to change to another script Sad

Thanks for any info

Charles

Re: FudForum Hacked again and again... [message #38088 is a reply to message #38087] Tue, 17 July 2007 19:38 Go to previous messageGo to next message
Ilia is currently offline  Ilia   
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
On a non-secure PHP setup on a virtual host (without open_basedir) other users on the machine could modify the forum files, simply because they are owned by the web server user. Because they are created by the web server, subsequently any PHP script running on the server could modify the file.

FUDforum Core Developer
Re: FudForum Hacked again and again... [message #38096 is a reply to message #38088] Wed, 18 July 2007 10:48 Go to previous messageGo to next message
chippyminton is currently offline  chippyminton   United Kingdom
Messages: 4
Registered: July 2007
Location: London
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user

So should i ask my host provider to activate 'open_basedir'?
or is this not possibe under 'virtual hosting'?

thanks

C
Re: FudForum Hacked again and again... [message #38100 is a reply to message #38096] Wed, 18 July 2007 18:55 Go to previous message
Ilia is currently offline  Ilia   
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Your host needs to do this.

FUDforum Core Developer
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Upgrade: 2.7.3 > 2.7.6 ?
Next Topic: Failed decompressing
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Oct 21 19:13:57 EDT 2018

Total time taken to generate the page: 0.00705 seconds