Gossamer Forum

Security holes?

I have received blackmail from someone telling me they will hack my site and delete my data on a regular basis if I don’t delete one of the categories on my site and a couple of forum threads. This category is very helpful to the Slovak and Czech students who are coming to America for work during the holiday. The category contains information about businesses that didn’t pay them for their work in the past.

What should I do to protect the data? Are there any security holes in the LSql? Or is there anything I could do to protect this account? Should I add a user to the database? I’m using the same password for my database and for my cpanel or FTP login. I don’t know much about the security of the server, so I’ll be glad for any advice or opinion.

I have LSql 2.2.1 and PHPBB 2.0.11 (newest)

I have the Apache Version : 1.3.33 (Unix)

CPanel Version : 9.9.9-RELEASE Build 121

Operating System : Linux

Perl Version : 5.8.0

MySQL Version : 4.0.22-standard-log

PHP Version : 4.3.10

No valid SSL on this Host,

Server Type: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b
67.18.73.90



(The site was hacked in the past, but I was not the administrator then. I bought the domain recently; this information is for the new hosting for the domain.)

Is there anything I can do to protect the data?

Re: [modifier] Security holes?
Well, for one, make backups......

Then, to help, either wait and see; sometimes the best fix is to get hacked, then you can see what they did.

I once had a hacker say he was the best since he hacked my site....

It turned out phpnuke was buggy and he (the so-called hacker) went into the admin.php page and inserted a line that added a new user, and was able to delete data......

The quick fix: I renamed the admin page to admin.1201214, then just rename it and log in when changes are needed.

It's been over a year, no hacks.... So just tighten up security.

Last off, replace PHPBB 2.0.11 with Gforum... it's very cheap and well worth the money. GT is a very well known company and their support is great. Chances are that if anything has holes it will get fixed ASAP since they sell the software, whereas PHPBB 2.0.11 is freeware, so the hole will get fixed whenever.

I'm sure if you ask gossamer-threads.com they may have a data sync or know how you could get your posts transferred.

Then again, if 200 is a lot, refer to my renaming of the admin scripts.