| duck101 |
|
|---|---|
|
The worst case scenario has happened, my site has been hacked. I thought that it might just be a lucky guess for the passwords, but then I noticed both the forums and main site (which have been broken into to separate parts or sites per say) have both been hacked...... but this is not good for cotonti.they somehow got ahold of the my sql
BTW site should be on the left or go here Edit: SQL has been completely deleted. how is this possible that they got ahold of the my sql and all the passwords for the site ??????? |
| Kilandor |
|
|---|---|
|
This is the same "hack" as on the other psp site. I"m sure this is nothing Cotonti related or else this would have been the very first site hacked.
By the looks of it they gained access to cpanel/ftp, or something of the sort. You should see about accessing your raw logs changing passwords etc. Who are you really hosted through? |
| young mone |
|
|---|---|
|
please stop making different topics of the same site and i don't think this is a hack by an hacker as my sites are still up and have been tried to hack with sql injection its has to be the owner doing it
[url=<a href="">http://pspw.co.cc]All</a> your game needs and more[/url]
|
| duck101 |
|
|---|---|
|
Well my mistake was turning off the confirmation email b/c people weren't receiving them. But what I assume happened was they signed up to the forums and somehow hacked there way into the Admin/mod only forums where they accessed information to the main site (which I gave to only 1 person in a thread), signed into the main site then messed that up from there aquired information to log into the my sql? I guess I shouldn't keep information like that on the site. But anyways this is a very skilled hacker, I split the site into forums and the main site for security protection in case someone hacked one part then I would still have the other.
The only other possiblity is by one of my own mods which I trust very much. so is there anyway that someone can somehow access a forum sectin set to only admin's and mod's if they aren't |
| Kilandor |
|
|---|---|
|
What do you mean you split the forums and main site?
If you give admin panel access they basicly usually have full admin access you can't limit it. Giving admin on a forum section only allows them to do forum moderation nothing more, the same for pages |
| duck101 |
|
|---|---|
|
My forums is a sub-domain of my main site and is completely separate, different files, my sql ect. so for them to be able to do this they would had to have gotten ahold of 4 separate user names and 4 separate passwords.
That's why this is such a weird situation, as no one would be able to have lucky guesses on that many passwords.  that's why I have no idea how it happened.I recently (a few days before the hack updated to the latest version of cotonti) which leads me to suspect a possible security problem with cotonti. |
| 5uper Mario |
|
|---|---|
|
Aww that's why the site is down.
sad Seems like a ton of PSP-Related sites are being taken out.... ... kinda a good thing if you think about it hahaha # Kilandor : This is the same "hack" as on the other psp site. I"m sure this is nothing Cotonti related or else this would have been the very first site hacked. Yea, that's what I said. Why "hack" a small site when there are bigger sites? And this goes back to when someone "hacked" newb - which is Seditio Believe me, PDC is a MUCH bigger site, with 10 times the # of banned people. They run Seditio. Only time people "thought" someone hacked is when the administrator played a prank. It is a much more hated site, yet they still remain? 000webhost |
| Kilandor |
|
|---|---|
|
So you use 2 different complete databases(and users) for your forums and main site?
There really isn't much more security advantages if your doing that. The "hack" is gaining more than just access to cotonti. They are gaining access to your SQL and files (as far as I could tell) cause it seemed they did htaccess redirect all pages to their "hack" page. And it sounded like they wiped all the sql. So again its far more likely they gained access to your web panel. So far these hacks have only happend in the PSP community, which i'm willing to guess they all also are still using 000webhost You still have not answered who you are hosted through. |
| duck101 |
|
|---|---|
|
Yes 000webhost
I was talking to another person about this and he made a good point. It's very possibile that someone could have used a tracking cookie to get access to my passwords. Anyways I think you guys are right in that the problem doesn't lie with cotonti, but it still does seem weird that it happened so soon after I updated to the latest version. Anyways thanks for all of your help, I have a backup and hopefully will come out with minimal damage. |
