Jump to content

Limbo Cms Security- Site Hacked


Recommended Posts

My site was recently compromised via directories with open permissions set by the Limbo CMS. Also there are some password security concerns which allowed a person to get to the CMS backend which I have taken care of.


This is a Mambo CMS written in PHP.


I was wondering if anyone had any tips for PHP security. I realize now that my directories were very open, allowing anyone to write php files to directories. I have corrected these.


Also, is there a way to limit which countries hit my site? The hackers were apparently from Vietnam (thats what came up when I googled the "tag" name they put in my content).


Are there logs I can look at to see what IP address was at my site and lock it out from there? Sorry I am a newbie to site maintainance.

Link to comment
Share on other sites

Welcome to the forums ;)


If it has been compromised, you should reprovision the account completely from a backup from before it was compromised. You never know what little treats they have left behind for you.


If you download your raw log file, then you can see the IP addresses used to access your site. You can block ranges of IP addresses using .htaccess, but personally I would simply recommend that you maintain the latest secure versions of all scripts.

Link to comment
Share on other sites

Welcome to the forums!


If I remember, Limbo CMS is based on mambo or joomla as you say. Make sure the files are up to date and that you have CHMOD correctley all files that a normal mambo/joomla install says you should do.


As Andy says above, block using your htaccess



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...