has some one been bashing and hacking again?

[cheekysneeky]

Hi,

Sorry about this, but how can one tell if someone 'else' has had access to my website hosting? The problem is, some files have been tampered with that I havn't touched. I am running joomla and the admin filels have been messed with so I can't actually use it. I have asked joomla and they suggested that some one has been playing games.......again.

does anyone know whats going on?

Ok, I have just spoken to another eukhost member and found he is having the same problem with his joomla website hosting at the same time. I don't think this is a coincidence

[Ben]

Firstly have you got the stable release of Joomla and are your files CHMODED to 777 or similar where others can edit your files? (sorry just read your other post here).
Well it may be a cPanel exploit or something which you will may have to contact someone on support dept. or Mark for assistance.

[cheekysneeky]

I have a stable version of joomla, I have never had problems with it before, as for the 777 thing, I have no idea lol

[Manny F]

My Vbulletin forum is unusable as of this morning, was working perfectly up until now. Pages redirect incorrectly, skins aren't working, etc.

[cheekysneeky]

this is the same problem I'm experiencing, is EUKhost messing about with the permissions, security or is it something else I wonder?

[Ben]

You can check the CHMOD settings (permission settings) by going into File Manager and whatever files have been tampered with right click and select 'Change Permissions' and make sure others don't have the option to 'Write' and 'Execute', under 'Group' and 'World' I believe.

[cheekysneeky]

my permissions appear to be set to 644 or something and nothing is writeable except user. The problem is, I don't know whats been altered as joomla is a huge program and trying to replace everything is going to be impossible, unless i can upload entire folders, which I can't because both file manager and ftp only seem to allow the upload of singe files.

I need to first find out if EUKhost have been 'tweeking' stuff first, then I will have a startin point at identifying the problem. If they havn't I'll know its proberly a pest playing hacking games and I'll start the tedious job of replacing joomla with my backup files.

[Ben]

You can upload folders if you zip them with a zipping programme. cPanel may be exploited but I cannot say this for sure so you will have to ask Mark about this.

[jfkyle]

I am having similar problems. Jommla control panel icons missing and clicking on any link in the adminarea for Joomla reverting to my website hosting's home page. To make it worse I have just spent most of the weekend building this new website hosting and additionally although I have raised a ticket EUKHost emails do not seem to be able to reach my yahoo accoumt. If any you of you get any updates on what is going on please post a message here. Thanks. James.

[Manny F]

Quote:

Originally Posted by jfkyle

any link in the adminarea for Joomla reverting to my website hosting's home page.

Same here, can't post, etc. the pages redirect to my home page.

[eUKhost.com]

Joomla wants 777 permission on many files and folders which makes it open for injections and attacks. We need to prevent hacking / cracking attempts on Joomla using mod_security but joomla gives problems with certain rules. It makes things really difficult to keep joomla installations secure if you dont have mod_security on the server.

If you want you can disable mod_security from your .htaccess file using following code :-

Code:

<IfModule mod_security.c>

    SecFilterEngine Off

    SecFilterScanPOST Off

</IfModule>

This code will disable mod_security for your account but make sure that we wont be responsible for any sorts of injections that may occur on your website hosting.

[Craig]

Im also having problems with my Invision Board installation and numerous images.

And as said by others the pages redirect to my home page.

Edit: The code given above seems to have fixed the problems Cheers for the support.

[jfkyle]

I added in the two lines

SecFilterEngine Off
SecFilterScanPOST Off

to the htaccess.txt file in the joomla folder and signed on as Joomla administrator for my website hosting again - no change the issue is still there as described above

[Hunter]

So we can't 777 any directory, or just the ones that are obviously open? (for example, I can use a text-based wiki script that is unknown to an attacker, and so they'd never know where the moddable directory is)

[flesso]

Quote:

Originally Posted by jfkyle

I added in the two lines

SecFilterEngine Off
SecFilterScanPOST Off

to the htaccess.txt file in the joomla folder and signed on as Joomla administrator for my website hosting again - no change the issue is still there as described above

The file should be named '.htaccess', not 'htaccess.txt'.

[jfkyle]

Quote:

Originally Posted by flesso

The file should be named '.htaccess', not 'htaccess.txt'.

Thanks for the help. Seems to be working now.

[borninblood]

Could someone give me a basic template for an thaccess file - I added the code above to one and it fixed one website hosting, the other however doesn't have any - and a blank one with just the code doesn't work.

Thanks in advance.

[cheekysneeky]

I'm still having the problem. i have put that code in but it hasn't made any difference. Have I done it wrong? i opened that txt file, plonked ......

SecFilterEngine Off
SecFilterScanPOST Off

at the bottom of it and renamed the file .htaccess is that right? it that what i'm supposed to do?

[borninblood]

Quote:

Originally Posted by cheekysneeky

I'm still having the problem. i have put that code in but it hasn't made any difference. Have I done it wrong? i opened that txt file, plonked ......

SecFilterEngine Off
SecFilterScanPOST Off

at the bottom of it and renamed the file .htaccess is that right? it that what i'm supposed to do?

A text file called .htaccess is not the same as an .htaccess file.

[MannyF]

I didn't have a .htaccess file so I created one, blank except for

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

and I placed it in my forum directory.

Had to upload as .htaccess.txt, once uploaded to server edit name to .htaccess

My forum works fine now, but I really wish that if changes were going to be made to my Dedicated Server then we should be informed ahead of time. Just last week eukhost cut off my FTP access and just left me to discover this myself. RUDE !

Quote:

Originally Posted by cheekysneeky

I'm still having the problem. i have put that code in but it hasn't made any difference. Have I done it wrong? i opened that txt file, plonked ......

SecFilterEngine Off
SecFilterScanPOST Off

at the bottom of it and renamed the file .htaccess is that right? it that what i'm supposed to do?