
Archived ⇒ Site hacked -Twice


Hi, our site was hacked yesterday morning. Common index/admin.php replacement, with the usual "you have been hacked by" gibberish. I replaced both the files, and everything seemed OK. Then last night, the config.php was overwritten, with the exact same rubbish.

So, I replaced that, and all seems fine again. I'm a novice at this stuff; is there anything I can do to prevent this happening again?

Our site is hosted professionally, and we did delete the install directory the minute we put it up, over a month ago now.

Thanks for any tips.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Change root and account password?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


Really? So the only way to inject those files is with an account?
That's a bit scary, as I have changed the access passwords to the host FTP and MySQL, and my own password only exists in my head.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Well, if your password is dictionary-based then it's easy to hack.

Always use something like: K!n5mA#@p)w3r

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


Ah OK, got it, I only had letters and numbers. Thanks for the help, will fix now.
Also, I didn't originally set this up, which is why I DID change all the passwords. I'm curious what you mean by a root password. We have two accounts, which I haven't been game to delete, in case they are some sort of master accounts or something, like admin 2 was for phpBB.
www.junglewraiths.net/...mbers_List
They are local and user. Is it OK to delete them?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Yes, you may delete them.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


Excellent, and thanks for the new password too!


(hehe, just kidding!)

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


OK, our index.php has been replaced over 20 times today. I have suspended all super user accounts bar mine. Mine has a pretty damn big password, and it's still happening. Any thoughts?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


I hope you are using a firewall and an anti-virus/trojan on your system ... maybe you got a keylogger or trojan on your PC.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


Mmm, recommend any good software for sniffing those out?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


There is good and free software that gives you decent security; try Avast Home + ZoneAlarm.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head
