Quote:
Originally Posted by yodameister
For now we are disabling all forums, blogs, picture uploading capacity, etc. We hope that this will clear up the problem (for now).
|
That won't totally solve the problem, as disabling the photo galleries and forums will only continue to hide the underlying security loophole.
Check your access logs, and see if you can find anything there.
Check the file/folder permissions of the root directory. If it's are listed as 777, this is a security problem. Change (chmod) them to 770 or 755. You can create subfolders with a chmod setting of 777, but only do so where your scripts actually need file creation/deletion/alteration permissions. If all you have in a directory is static HTML files that you alter via FTP, lock down the file permissions for that directory.
If users can upload files through a script, make sure the script is doing proper checks of the file to verify the contents. Check PHPbb or your photo gallery websites for any plug-ins that provide extra security in this department.
Check to make sure there aren't any additional user accounts with administrator privileges. If the hacker found his way into your website, he could have also gained access to your Control Panel, where he could have created a back-door FTP user account with a separate username and password.
I'd suspect that there is some sort of backdoor entrance somewhere (perhaps one exploited by a security loophole in your scripts), especially since you said changing passwords didn't solve the problem. Check everything. FTP. Forums. etc.
And last, but not least, make sure your passwords are secure. Don't pick obvious things. Use lots of 'weird' things like l0w3rcaS3 & uPpeRca5e letters, along with 5pEC!aL cHaR|\CT3r5. Make long passwords. Don't ever store your password anywhere except your head.