SITE HACKED; CONFIG.PHP

[henchmanmike]

I had a site I manage get hacked. It appeared the only file modified was the config.php file. All content was erased and modified with SITE BEEN HACKED BY FTEAM.

Ok. I got pissed.

But I have corrected the problem and, well, think I locked down security on it.

Any thoughts on how this has happened? Could it be my hosting? I figured since it was just one file modified that some sort of çrawl of some sort found out my site was using WebsiteBaker and hacked it. I want to secure the site has much as possible and I thought it was.

Any suggestions tips would be greatly appreciated.

[DGEC]

Depends on what modules you have installed. There are some that don't clean the input apparently, but the core has been hardened pretty good.  So they say 

Most likely the server though.

[Dreamer]

that sucks, was it the latest version of WB?

[doc]

Hello,

the latest version (2.6.7) can be downloaded from http://download.websitebaker.org.
This config.php hack ist most likely due to your server configuration so ask your server provider if you can have a look into the server protocol files.

Regards Christian

[DGEC]

Forgot to mention, check your server logs or get the provider to check/give them to you.
You should find be able to find when it was changed, and from where. If you can't tell from your own logs, the full server logs should show how he got in - but they may not want to give you the full logs if it's a shared server.
Get his IP banned and complain to his provider.

[Gullytrotter]

Good morning!

Complaining to an access ISP usually doesn't do much good. Even if the IP is not from Korea, China, India or some other country that couldn't care less if one of their customers hacked a site, even in countries like Germany, France, England or the USA there are many ISPs who may give the customer a slap on the wrist - if they do anything at all. Many treat this sort of thing like spamming: not allowed but not our problem.

Banning IPs IMHO is totally useless. Most people in the Web go about their stuff on a dynamic IP. So you'll just be banning the next person who gets that IP, not the hacker himself. Ok, there is more than enough stupidity to go around, but I doubt that too many hackers will be doing there thing with a static IP and will then come back to a site they have "owned" just to gloat.

I wouldn't bother with these methods, but instead try to secure the server as well as I can. Just my two cents...

Regards,
Chris