IntegraMOD

Has anyone else experience the functions_portal.php file disappearing? I don't know what happened could be host issue but my functions_portal.php file simply disappeared tonight. Hadn't been making any changes.

Any how just wondering if I am missing a security fix ? I am still running 1.4.1.

htaccess and chmod control what they can see and delete.
The security stops exploits, injection that kind of thing.

Seems my site was exploited to host a phishing scam by adding something into includes/cache_tpls .

Now in my previous post I meant to indicate I was still running 1.4.0. It appears I hadn't applied the security fixes suggested under "Recent Hacking Discussion".

So my question is do folks think I will be safe from this sort of attack if I apply those changes and look at adding the .htaccess files suggested in another post to the 777 directories?

I know that applying 1.4.1d would be the better option but not sure I have the time to train crackertracker at this time.

Thansk in advance for any advice given.

Code: Select all

# access only from inside site.order deny,allowdeny from allallow from localhost 127.0.0.1

That will only answer to the local host (your server) and that the only thing that needs access to your cashe. As long as the don't have high enough access to change it your covered.

You can also add this [url=http]http://www.integramod.com/forum/viewforum.php?f=23[/url]
it has a nice security feature that updates from inside it.
Still I would not run with out CT, It really catches a lot, but your right it needs some time to get it setup to your needs.

Thanks CaNNon!

I'm not clear which mode in that forum you linked to your referring to. Can you let me know the name. Thanks!

So you gather I should be OK with 1.4.0 with your .htaccess suggestion and the changes to prevent the phpbb_root_path exploit ? I just need to ensure what I put backup doesn't get hacked immediately or my host will be none to happy. But would like to get the site up and then look at the CT upgrade.

Thanks again!

No htaccess is not going to stop all exploits!

phpbb_root_path exploit

Example:
If that address your site and asks a file/mod to do something with your cashe, it will be seen as it was from "local host" and it will have access.

I was sending you to the look at the crawltrack software. It's a package and kind of stand alone. I has a nice little security package included and would be of help to you.