Posted on: 11/03/06 04:54pm
By: Imaginate
You were quoted as saying before...
I would actually worry more about the directories than about config.php. The backups directory invites anyone to download a database backup (if they can guess or somehow find out the file name), the systems and plugins directories may contain files that could be used for spamming or even hacking your site, ... config.php is only at risk in case of a server misconfiguration.
----------------------
Last night my server was used for spamming and I'm assuming that it was from an improperly installed Geeklog site... besides fixing those installs, is there anything in particular to look at that still might be left behind from the original exploit? Are there passwords that should be changed or anything? Basically, once the site has been hacked, is it safe once the reinstall has happened?
Garnet
Site hacked and used for spamming
Posted on: 11/03/06 05:20pm
By: Dirk
Using the site "only" for spamming doesn't require any hacks, if Geeklog wasn't installed properly. Check the webserver's logfiles for requests to files that are normally located outside of public_html.
If the site was hacked, check for files that shouldn't be there, i.e. are not part of Geeklog. Those are often "PHP shells" that allow execution of Unix commands from the browser.
As for accounts, change the passwords on all admin accounts and check if any other users suddenly have admin access (from the list of groups, use the list icon in the second but last column to see who's a member of a certain group).
bye, Dirk
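
One way to run the logfile check described in the reply above, as an added example that is not part of the original thread or of Geeklog. It assumes Apache combined-format access logs; the directory names in `PROTECTED_DIRS` and `PUBLIC_PARENTS` are assumptions to adjust to your install, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: Geeklog directories that belong outside public_html.
PROTECTED_DIRS = {"backups", "system", "plugins"}
# Assumption: parents under which a same-named directory is legitimately public
# (e.g. public_html/admin/plugins/).
PUBLIC_PARENTS = {"public_html", "admin"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding dict if the request touched a protected directory."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %-escapes and drop the query string before inspecting the path.
    path = unquote(urlsplit(m["target"]).path).lower()
    for seg in (s for s in path.split("/") if s):
        if seg in PUBLIC_PARENTS:
            return None  # below a legitimately public directory
        if seg in PROTECTED_DIRS:
            status = int(m["status"])
            # 2xx means the server actually delivered the file or ran the script.
            verdict = "served" if 200 <= status < 300 else "probed"
            return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
                    "path": path, "status": status, "verdict": verdict}
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Nov/2006:23:14:05 -0500] "GET /geeklog/backups/geeklog_db_backup.sql HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.4 - - [02/Nov/2006:23:15:10 -0500] "GET /index.php HTTP/1.1" 200 10432 "-" "-"',
    '203.0.113.7 - - [02/Nov/2006:23:16:44 -0500] "POST /geeklog/system/lib-example.php?x=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [02/Nov/2006:23:17:02 -0500] "GET /admin/plugins/example/index.php HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.9 - - [02/Nov/2006:23:18:30 -0500] "GET /backups/ HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.4 - - [02/Nov/2006:23:19:00 -0500] "GET /geeklog/public_html/admin/plugins/example/index.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["verdict"], hit["status"], hit["method"], hit["path"], hit["ip"])
```

Any "served" hit means a file that should have been outside public_html was reachable from the web, so the install layout needs fixing before the reinstall can be trusted.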