timl Posted March 28, 2006 Share Posted March 28, 2006 My site was recently compromised via directories with open permissions set by the Limbo CMS. Also there are some password security concerns which allowed a person to get to the CMS backend which I have taken care of. This is a Mambo CMS written in PHP. I was wondering if anyone had any tips for PHP security. I realize now that my directories were very open, allowing anyone to write php files to directories. I have corrected these. Also, is there a way to limit which countries hit my site? The hackers were apparently from Vietnam (thats what came up when I googled the "tag" name they put in my content). Are there logs I can look at to see what IP address was at my site and lock it out from there? Sorry I am a newbie to site maintainance. Quote Link to comment Share on other sites More sharing options...
TCH-Andy Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forums If it has been compromised, you should reprovision the account completely from a backup from before it was compromised. You never know what little treats they have left behind for you. If you download your raw log file, then you can see the IP addresses used to access your site. You can block ranges of IP addresses using .htaccess, but personally I would simply recommend that you maintain the latest secure versions of all scripts. Quote Link to comment Share on other sites More sharing options...
TCH-JimE Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forums! If I remember, Limbo CMS is based on mambo or joomla as you say. Make sure the files are up to date and that you have CHMOD correctley all files that a normal mambo/joomla install says you should do. As Andy says above, block using your htaccess JimE Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forum, timl. Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forum, tim Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forums Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forums Tim. What a way to start your visitto the forums eh? Follow the directions above and you should be on the right track. Quote Link to comment Share on other sites More sharing options...
stevevan Posted March 28, 2006 Share Posted March 28, 2006 Welcome to the forums! Anything I could add has already been mentioned. Quote Link to comment Share on other sites More sharing options...
j2k4b Posted March 29, 2006 Share Posted March 29, 2006 Welcome to the forums... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.