To all Mambo users...please alert that many Mambo base CMS website have been recently hacked, all done by turkish hackers. The hackers did hack the website thru vulnerable third party components and modules such as gallery, forum and calendar.
Please back up your database as yours might be hacked too.
What is the cause?
1. Third party components like Simpleboardforum, Gallery and ExtCal has some vulnerability
2. Your directories is set to 777 which allow hackers to penetrate your system
3. Your web hosting provider did enable the php-variable register_globals
4. Your password is easy to trace
How to to prevent your Mambo site being hacked?
1. Update your third party components especially Gallery,Forum and ExtCalendar and others too.
2. Set your directories permission to 644
3. Turn the register_globals to OFF
4. Change your mysql password and your administrator password in Mambo. They know all your passwords because they gained access into your database which holds the passwords in a MD5 format.
5. Remove this two files in your Components folder web.php and haluk.php
6. Block all the IPs from the origin country of the hackers. In my case ie Turkey...sorry an alle turkische Freunde.
Technorati Tags:
No comments:
Post a Comment