If it is that bad, change all your passwords, both MySQL and FTP.
Remove all admin privileges from everyone until they can change their passwords.
Rename your backup folder and update the path to it in acp/security/special.
Ask your host to install "Mod Security" and then chmod all 777 folders to 755.
If you cannot get Mod Security installed, add an htaccess file to all 777 folders with this code in them.
AddHandler cgi-script .php .js .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -Indexes -ExecCGI -Includes
This code will not stop them from uploading files to the folders, but it will stop them from being able to run the code in the folders.
*Be sure when copying the code that you do not include the line numbers.
"Success is getting what you want. Happiness is wanting what you get." - Dale Carnegie
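Added example, not part of the original post: a shell sketch that applies the htaccess step above to every 777 folder under a web root in one pass. The function names `harden_dir` and `harden_tree` and the web root path passed on the command line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post): drop the post's two directives into
# every directory under a web root that has all 0777 permission bits set.
# Usage (path is an assumption): sh harden.sh /path/to/webroot

# Append the directives to DIR/.htaccess unless they are already there.
harden_dir() {
    ht="$1/.htaccess"
    if [ -f "$ht" ] && grep -q '^Options -Indexes -ExecCGI -Includes' "$ht"; then
        return 0    # already hardened, leave the file alone
    fi
    {
        echo 'AddHandler cgi-script .php .js .pl .py .jsp .asp .htm .shtml .sh .cgi'
        echo 'Options -Indexes -ExecCGI -Includes'
    } >> "$ht" || return 1
    chmod 644 "$ht"
}

# Walk ROOT and harden each directory whose mode includes rwxrwxrwx.
# Directory names containing newlines are not handled.
harden_tree() {
    find "$1" -type d -perm -777 | while IFS= read -r d; do
        if harden_dir "$d"; then
            printf 'hardened %s\n' "$d"
        else
            printf 'FAILED %s\n' "$d" >&2
        fi
    done
}

# Only act when a web root is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    harden_tree "$1"
fi
```

Apache only applies these directives from an htaccess file when AllowOverride permits Options and FileInfo for that directory.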