Site hacked: index.php

[dellington]

We found this week that our website had been hacked with a line of code added to the end of the index.php file at the root level of the WB installation (which is also the root level of our domain). The code attempted to run (install?) an applet on the user's computer. I found a very small amount of information on google pertaining to this code, indicating the website that it linked to "exploits browser security".

I have removed the code and all seems well but I don't know what I should do to prevent future problems. It doesn't seem like a WB hack, but more likely at the server level.

Any ideas?

[ruebenwurzel]

Hello,

1.) You should ask your hoster for the server logs. This way you got the information when and how the changes are made.

2.) As index.php and config.php don't need to be changed after WB is installed a good ideas is to set chmod to 0444. This cannot prevent hacks through the shell of the server but it could prevent hacks from scripts.

3.) Please use the latest WB version (2.6.7) in kombination with FCKEditor major 2.7.5 (WB modul version number). All other Editor have a secutiy hole wich allows to add bad/executable code to your WB files.

Matthias

[CMD]

Hello,

does

All other Editor....

include the shipped HTMLArea also?

regards,
Christian

[ruebenwurzel]

Hello,

include the shipped HTMLArea also?

I think so.

Matthias

[CMD]

Hi,

I think so.

ok, so i'll try FCKEditor then.
Thanks!

Christian