[Klug-general] Website woes

MacGyveR macgyver at thedumbterminal.co.uk
Wed Aug 8 00:17:43 BST 2007


On Tuesday 07 August 2007 16:34, Dan Attwood wrote:
> Unfortunately it seems that last Tuesday the Klug website was hacked. All
> kinds of nasty things were done to our index file. As a result the site has
> been taken offline. A placeholder has been dropped in at
> kent.lug.org.uk/klug
>
> I am currently talking to the LUG admins (who host the site for us) to look at
> how we can go about restoring the site to a pre-hacked state and then taking
> some additional security measures.
>
> For people's interest the site runs/ran Joomla and the attack seems to have
> been the result of poor file permissioning by myself, register globals set
> to ON on the server and perhaps an out of date component.
>
> We hope to get the site up and running soon as was. Failing that we might
> start to look at a different CMS. However if possible Colin and myself are
> keen to keep using Joomla as it provides a number of great features with
> very little difficulty.
>
> Dan

register_globals is bad news. I would look into installing mod_security as a 
band-aid to cover the site from common attack vectors. PHP web apps have been 
a bit of a target recently for exploits; maybe there are some hardening guides 
or modules you can install like there are for WordPress?

-- 
--------------------------------
http://www.thedumbterminal.co.uk


