HACKERS AGAIN

A place for general not CMSimple related discussions
Tata
Posts: 3588
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

HACKERS AGAIN

Post by Tata » Fri Nov 13, 2009 4:16 pm

I am slowly sick of the hackers attacking my websites. You sure remember my posts in: http://cmsimpleforum.com/viewtopic.php?f=5&t=930
At the first attack, mostly only a redirecting code was inserted into any index.* file. Bigger files had this hacker's code inserted within their content and the rest of their original code was gone.
Today a hacker "visited" one of my websites again. The only manipulated file was the cmsimple/config.php. It was replaced with some Arabic static webpage. There was no damage to the page itself, only the config was rewritten.
Now:
1. I have a static IP defined in my FTP account
2. All previous passwords are changed
3. All index.* files are CHMODED to 444
4. The website is built on CMSimple 3.2
5. There is the .htaccess file in the /cmsimple DIR:

Code:

order deny,allow
deny from all

How could the damned hackers manipulate the config.php?
What else to do to avoid these surprises?
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

CMSimple-Styles.com
Posts: 342
Joined: Thu Jun 26, 2008 8:19 pm
Location: Germany

Re: HACKERS AGAIN

Post by CMSimple-Styles.com » Fri Nov 13, 2009 6:03 pm

Do you have global variables enabled? Which PHP version is running? I had problems with hackers only one time, and it was because of the unpatched old CMSimple with global variables on. Since running PHP5 I had no problems at all!

Holger
Site Admin
Posts: 3470
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany

Re: HACKERS AGAIN

Post by Holger » Fri Nov 13, 2009 6:19 pm

Have you ever had a look into your server-logs?
As I told you before, it is IMO not a CMSimple related problem.

Holger

Tata
Posts: 3588
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: HACKERS AGAIN

Post by Tata » Fri Nov 13, 2009 6:55 pm

@CMSimple-Styles.com
"Do you have global variables enabled? Which PHP Version is running?"
php 5.2.4
register_globals On

@Holger
Since previous attacks I search the logs up&there. But to be honest - I am not very smart about this. I made some editing on the website this morning (at about 9:00 AM). In the last log file, however, there is no record about this (see in PM). What shall I look for?
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
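
One way to approach the "what shall I look for" question, as an added example that is not part of the original thread: a small Python review of an Apache access log that reports which time span the log actually covers (so a missing 9:00 AM edit is noticed), any direct request under /cmsimple/ that was not answered with 403 despite the `deny from all` rule, and POST requests from addresses other than the administrator's static IP. The log lines, the IP addresses and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" format; IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Nov/2009:08:58:11 +0100] "GET /index.php?Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Nov/2009:09:01:42 +0100] "POST /index.php?Home HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [13/Nov/2009:11:14:03 +0100] "GET /cmsimple/config.php HTTP/1.1" 403 291 "-" "-"
198.51.100.23 - - [13/Nov/2009:11:14:09 +0100] "POST /cmsimple/config.php HTTP/1.1" 200 17 "-" "-"
198.51.100.23 - - [13/Nov/2009:11:15:30 +0100] "POST /index.php HTTP/1.1" 200 44 "-" "-"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield one dict per log line that matches the combined format."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def review(log_text, admin_ip, protected="/cmsimple/"):
    """Return (time range the log covers, list of requests worth reading)."""
    records = list(parse(log_text))
    findings = []
    for r in records:
        path = r["path"].split("?", 1)[0]
        if path.startswith(protected) and r["status"] != "403":
            # "deny from all" should turn every direct request here into a 403.
            findings.append(("protected-dir-not-403", r["ip"], r["ts"], r["path"]))
        elif r["method"] == "POST" and r["ip"] != admin_ip:
            # Assumption: only the admin's static IP submits forms or edits pages.
            findings.append(("post-from-other-ip", r["ip"], r["ts"], r["path"]))
    times = [r["time"] for r in records]
    covered = (min(times), max(times)) if times else None
    return covered, findings

if __name__ == "__main__":
    covered, findings = review(SAMPLE_LOG, admin_ip="203.0.113.7")
    print("log covers:", covered[0], "to", covered[1])
    for f in findings:
        print(*f)
```

If config.php changed at a time the log covers and no request in it touches the file, the write probably did not come through the web server, and the FTP and hosting-account logs are the next place to look.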

Holger
Site Admin
Posts: 3470
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany

Re: HACKERS AGAIN

Post by Holger » Fri Nov 13, 2009 7:13 pm

First of all: turn off register_globals!

... nothing special found in the snippet of your log.

Holger

Tata
Posts: 3588
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: HACKERS AGAIN

Post by Tata » Fri Nov 13, 2009 7:53 pm

I can contact and ask my ISP to change my php.ini settings only on Monday.
Will this solve the problem too?
.htaccess

Code:

order deny,allow
deny from all
AddHandler application/x-httpd-php5 .php

CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

Holger
Site Admin
Posts: 3470
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany

Re: HACKERS AGAIN

Post by Holger » Fri Nov 13, 2009 8:05 pm

To turn off register_globals in .htaccess use

Code:

php_flag register_globals off

Holger

Tata
Posts: 3588
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: HACKERS AGAIN

Post by Tata » Fri Nov 13, 2009 8:20 pm

Is it enough to add this to .htaccess only in /cmsimple or shall I change any .htaccess file in the entire installation?
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

Holger
Site Admin
Posts: 3470
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany

Re: HACKERS AGAIN

Post by Holger » Fri Nov 13, 2009 9:28 pm

Hmm, I'm not sure if this depends on server settings.
Normally it's enough to put such PHP settings into a .htaccess file in the root folder.

Maybe anyone else can help on this...

Holger

Tata
Posts: 3588
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: HACKERS AGAIN

Post by Tata » Fri Nov 13, 2009 9:58 pm

It seems to have a conflict with the server settings. Uploading the file with

Code:

php_flag register_globals off

to the root returns
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@myISPprovider.sk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache Server at mydimain.sk Port 80
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
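
A check for the situation in the last post, as an added example that is not part of the original thread. It assumes the Internal Server Error comes from PHP not being loaded as an Apache module, in which case Apache does not recognise `php_flag` in .htaccess; the thread does not confirm this cause. The Python function below (its name and the sample file are constructed here) finds `php_flag`/`php_value` lines that are not inside an `<IfModule mod_php5.c>` block and wraps them.

```python
import re

# Constructed sample: directives quoted in the thread, combined into one file.
SAMPLE_HTACCESS = """\
AddHandler application/x-httpd-php5 .php
php_flag register_globals off
"""

PHP_DIRECTIVE = re.compile(r'^\s*php_(flag|value)\b', re.I)
OPEN = re.compile(r'^\s*<IfModule\s+([^>]+)>', re.I)
CLOSE = re.compile(r'^\s*</IfModule>', re.I)
# Names under which PHP 5 registers when it runs as an Apache module.
GUARDS = {"mod_php5.c", "php5_module"}

def guard_php_directives(text):
    """Return (line numbers of unguarded PHP directives, rewritten text)."""
    out, unguarded, stack = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        opened = OPEN.match(line)
        if opened:
            # Remember whether this IfModule block tests for the PHP module.
            stack.append(opened.group(1).strip().lower() in GUARDS)
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif PHP_DIRECTIVE.match(line) and not any(stack):
            # Without mod_php this line is an unknown directive: HTTP 500.
            unguarded.append(no)
            out += ["<IfModule mod_php5.c>", "  " + line.strip(), "</IfModule>"]
            continue
        out.append(line)
    return unguarded, "\n".join(out) + "\n"

if __name__ == "__main__":
    lines, fixed = guard_php_directives(SAMPLE_HTACCESS)
    print("unguarded PHP directives on lines:", lines)
    print(fixed, end="")
```

The guard only stops the error: where mod_php5 is absent the directive is skipped and register_globals stays on until php.ini is changed, so confirm the effective value with phpinfo() after either change.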
