| Author |
 Topic  |
|
|
tomasalsbro
Average Member
Sweden
818 Posts |
 Posted - 09 May 2002 : 11:49:02
|
Hi,
Whiplash Info has been hacked!
Are their any security patches that works with sf2k_v40_b03?
Any suggestions of what to do?
Cheers / Tomas 
!-Keep distance in traffic-!
www.whiplash.pp.se
[edit] The original topic title was Security patches?[/edit]
Edited by - bozden on 10 May 2002 19:38:34< |
|
|
Deleted
deleted
4116 Posts |
Posted - 09 May 2002 : 11:56:14
|
Tomas, please e-mail me your FTP info ASAP, or meet me on MSN messenger with ID deleted by bozden if you have it installed. It will take time here.
Man, you were checking the Internationalization forum... Didn't you see the bug fix?
Think Pink
==> Start Internationalization Here
Edited by - bozden on 11 May 2002 00:34:15< |
 |
|
|
Deleted
deleted
4116 Posts |
Posted - 09 May 2002 : 12:13:32
|
So didn't get any connection till now. Here we go (I'll post and keep editing this for you to follow):
- Download the latest patch004 (link can be reached from my signature)
- Make a backup from your two files which are to be changed (members.asp, pop_printer_friendly.asp)
- Upload the patch files (2 of them) to the server
- Immediately change your admin passwords, also passwords of any other admins, do not forget to inform them (you've got one more admin today, didn't you?)
- Inform your users about the fact and ask them to change their passwords. You may like to put that info into your forum and/or to your main page. It is also a good idea to e-mail your moderators about the issue (or also cange their passwords).
- Go to admin options and reset any changed value to the status before the hack
- Never strugle with those bad behaving (this time Turkish) kids
More general security/safety recommendations.
- Make sure you put the database to a secure folder outside your www directory. If your host does not provide such an opportunity, the next item is more important.
- Make sure you have a hard to remind filename for your database lie forum785473_jhgy.mdb (also correct your DB path in config.asp)
- Make sure you have a good admin password (not easy to guess, use alpha + numeric + spcial character that has no meaning)
- Make sure you backup your database as often as possible. It can be a life saver.
- Encrypt the database and protect it with a password
- Before making changes (upgrade, MOD addition, adding fixes etc), make sure you backup your database and your forum files.
- Are you sure that your favorite MOD does not have any security holes? Do not apply them to critical sites until they get mature.
- Do not play with some admin options (allow HTML, allow images, cookies, etc) until you know what you are doing. Same applies to "admin db setup": You can delete whole tables if you do it wrong...
- Use a good host which keeps their servers with latest fixes. Make sure that they do not use software (including OS) which can be hacked
- If you think somebody hacked/is trying to hack your site, check you logs, download them and keep them. You may need them when you contact your ISP, hackers host or court/FBI (or their analogs)
- Keep visiting this site, check the security forum, make sure you also join the list server (info)
Think Pink
==> Start Internationalization Here
Edited by - bozden on 11 May 2002 11:33:47< |
|
|
|
Deleted
deleted
4116 Posts |
|
| |
Topic |
|
|
|
Forum Locked
Topic Locked
