new installation after attack
Permalink
Hi guys,
had the bad luck, to get a full attack on my just build website with cookies, backdoors and redirections.
Don't know if it is a problem from hoster or concrete5 and it's not more important now.
I only have some questions now, how to deal with some issues.
The site is complete gone now, and I will make everything new.
I would like to know, how to make better for future.
My password was very strong with a mix of 16 small and big letters, numbers and special characters and I used the correct Chmod. I always used sftp.
What else can I do, to make my site safer?
I remember reading in a thred - I could not more find it now- that one guy said, its good to remove something from the code to make it more safe. Anybody know, what I mean and can explain that to me?
A "How to" for after installation would be a great thing, to make everything as safe as possible.
How good is the Security Wall? Anybody experiences with that tool? There are no reviews on the market place.
And what happens to my apps I buyed from the market place? Will I be able to use them still, when after deleting I install my site new?
Can I simply release the apps from the old page and instal them to the new. I just got them some days ago and would not like to pay again for them. I had no chance to use them, as emediately I got attacked.
Thank you
Jaroslaw
had the bad luck, to get a full attack on my just build website with cookies, backdoors and redirections.
Don't know if it is a problem from hoster or concrete5 and it's not more important now.
I only have some questions now, how to deal with some issues.
The site is complete gone now, and I will make everything new.
I would like to know, how to make better for future.
My password was very strong with a mix of 16 small and big letters, numbers and special characters and I used the correct Chmod. I always used sftp.
What else can I do, to make my site safer?
I remember reading in a thred - I could not more find it now- that one guy said, its good to remove something from the code to make it more safe. Anybody know, what I mean and can explain that to me?
A "How to" for after installation would be a great thing, to make everything as safe as possible.
How good is the Security Wall? Anybody experiences with that tool? There are no reviews on the market place.
And what happens to my apps I buyed from the market place? Will I be able to use them still, when after deleting I install my site new?
Can I simply release the apps from the old page and instal them to the new. I just got them some days ago and would not like to pay again for them. I had no chance to use them, as emediately I got attacked.
Thank you
Jaroslaw
Thank you for your answer, but I didn't wrote, the attack would come through concrete. That has nothing to do with my questions, you can find in my thread. I only want to know, how to make it better in future.
I use concrete5 a while now and am happy with it. It's not the case, that I say, the fault would lay by concrete5.
I know many ways, subjects hack a website or server and that even big sites are attacked too. I am aware, that there is no 100% solution. But I want make the best possible. That I wanted to know and how to deal with my apps.
Thank you anyway.
Jaroslaw
I use concrete5 a while now and am happy with it. It's not the case, that I say, the fault would lay by concrete5.
I know many ways, subjects hack a website or server and that even big sites are attacked too. I am aware, that there is no 100% solution. But I want make the best possible. That I wanted to know and how to deal with my apps.
Thank you anyway.
Jaroslaw
What version C5 were you on.
I have had a few old c5 installations compromised 5.3.3.1, 5.4.2.2 so far has being ok.
I have had a few old c5 installations compromised 5.3.3.1, 5.4.2.2 so far has being ok.
I had version 5.4.2.2 but that doesn't matter. As I stated in an other tread, FileZilla was the troublemaker.
Now, I have already cleaned everything and I will put version 5.5.0 on.
In future I treat password and security more sensitiv. There are more and more bad guys out. Ten years back was no telling of this kind of problems.
I changed my system now and use online only on linux and windows only for graphic because of adobe. For the future I plan to change from windows to Mac.
Instead of sftp I use now only ssh.
Now, I have already cleaned everything and I will put version 5.5.0 on.
In future I treat password and security more sensitiv. There are more and more bad guys out. Ten years back was no telling of this kind of problems.
I changed my system now and use online only on linux and windows only for graphic because of adobe. For the future I plan to change from windows to Mac.
Instead of sftp I use now only ssh.
This thread may be of use:
http://www.concrete5.org/community/forums/customizing_c5/site-hack-...