How to make secure my site

[Zenigata]

Hi,
my forum (smf 1.0.7) was hacked twice in 2 days. I don't know what to do. They insert a maliciuos code in some of my files, even my forum directory is chmoded 755 and files are 644. Jaguarpc replied to me the server is secure.

Is there a particular setting or .htaccess to prevent this?

Thanks

[AlexKall]

Its most likley the forum that is the unsecure bit, try changing forum software

[jason]

Forums attract hackers like honey attracts flies. Usually all it takes is for the forum developers to, for example, forget to validate one input field and a hacker can come in and take over. Since forums are so popular it is easy for hackers to write scripts to scan websites looking for these vulnerablities.

Your best bet is to check with the forum developer often (weekly or better) to see if any new versions of bug fixes have been made available, and if they are, upgrade your site ASAP.

--Jason

[mattsiegman]

Try looking here for help securing SMF: http://www.simplemachines.org/support/

They have a particularly good community there, so you should be able to find the answer you're looking for.

[Zenigata]

Hi,
I've posted my question here on Simplemachines support forum, but they said my forum si secure and check the secutiry of server with my host.

[mattsiegman]

Chances are that it could have been a different exploit on the site, or an unknown bug in SMF.

I posted on that other board. (I used to work on it back when it was YaBB SE)

http://www.simplemachines.org/commun...25#msg55462 5

[phluidphil]

I just had some users complain to me and it appears my SMF forum is also experiencing the same injections of iframe. But I am running the latest version forum version: SMF 1.1 RC2

Time to investigate.

Well after some investigation, I see that the person must have used the forum software or an apache related exploit to change the ownership of the files from me to nobody:nobody. This person or automated script did not go outside of the forum directories. However now I am stuck with several dozen 777 dirs, files and no way to change their permissions or ownership without having root. Time to submit a ticket. On the flipside all my themes were infected with the injected iframe and my Settings file and forum error log files modified.

[Zenigata]

Again. The hacker modified only some template files:

[arabnity]

Hi there, I do not have any answers to your dilemma, but I have had a similar experience. I have had my website hacked and they linked their image to the same server your image was linked to, imageshack.us. In your case, here is the link to the image, which I assume gives info on the account: http://img218.imageshack.us/img218/4588/hacked7pt.jpg

If I were you, I would contact imageshack.us's abuse department and report to them how their account holder is using his webspace. I did it, for what it's worth.
Here is the link to the abuse page: http://reg.imageshack.us/content.php?page=email&q=abuse.

I don't know if they will care about this, but if many people find that the hackers' images come from their website, and people start complaining, maybe they will.

The page they hacked on my website was a blogger.com blog and my other website that kept being hacked was a website of a not-for-profit which I created with CMSimple. I have disabled the guestbook in the latter and everything seems to be fine now.

Good luck.
Cristina