[Thanos]

Canadaka Canadaka:

Restored the site files from a backup from a few days ago to fix the Crypto crap.

Thx, dawg

[DrCaleb]

Trev has fixed all the bugs!

Yayyyyyy!

[Canadaka]

ok things should be working better now

[Strutz]

Thanks Trevor!

You should come around more often as it would be nice to see you.

[Canadaka]

I got the site back working. Sorry I was on vacation in New Zealand and missed some messages.

We should maybe get someone else with some hosting admin access.

The site definitely keeps getting hacked, there is an exploit somewhere allowing a hacker to upload files to the server they then usually use that to delete and modify the .htaccess file.

Who knows where that code exploit could be... so much of the sites code is SO old.

I've changed all the passwords several times, so i'm fairly confident they are not logging in authenticated to FPT or something.

[DrCaleb]

Did you get the link I sent about the methods they use? I had hoped it might be useful.

I did mention too a few pages back that the version of php was well past support. Is it possible to upgrade it? Also limiting rdp and ssl access using certificates and ip restriction might eliminate hacks.

[Canadaka]

I don't have the link. The PHP version cannot be upgraded, the frameworks that run this site are too old.

I'm almost certain its some form somewhere on the site that allows file uploads, they have found an exploit on to upload a file.

[Scape]

Is starting from scratch an option?

[Canadaka]

I just don't have the time. I'm doing a big audit of all the folders and files. Finding a bunch of scripts the hackers have left around, naming in ways to hide them. Also using a Malware scanner tool. After I will try and disable some old forms that allow uploads.

[DrCaleb]

Canadaka Canadaka:

I don't have the link.

I sent it on Steam.

Scape Scape:

Is starting from scratch an option?

I was thinking an in place transfer of data to a new system. Mastadon or something similar.

Its how I'm transferring a large amount of cloud data lately.

[Scape]

If the site is riddled with holes and not secure then why keep it up it the current state? They are only going to do it again and anyone who uses the site is at risk. The alt site can suffice if time is the issue.

[herbie]

Bin dare dundat.
The hack copied files into every directory and subdirectory of every website on the server. Hell of a weekend wasted.
Ended up changing cpanel password, and the site admin passwords, disabling ALL ftp access and setting all .htaccess permissions to 444 as well as the config file. Then as all the sites were pretty static, set the server to backup site & db daily.

[DrCaleb]

Scape Scape:

If the site is riddled with holes and not secure then why keep it up it the current state? They are only going to do it again and anyone who uses the site is at risk. The alt site can suffice if time is the issue.

Take the DBs; comments, photos, users, - and move that to a new framework. Something secure. Its pretty hard to hack a site from data alone. Leave the hacks behind.

I just hate wasting 20 years of data.

[Canadaka]

herbie herbie:

Bin dare dundat.
The hack copied files into every directory and subdirectory of every website on the server. Hell of a weekend wasted.
Ended up changing cpanel password, and the site admin passwords, disabling ALL ftp access and setting all .htaccess permissions to 444 as well as the config file. Then as all the sites were pretty static, set the server to backup site & db daily.

Yah I've done all this. I've just now disabled a bunch of the old forms on the website that allowed uploading a file, maybe some of them don't check file mime types.

I think I did a good cleanup of any nefarious files, but running another complete scan with ImunifyAV scanner, which will take several hours.

I also fixed a bug with the homepage cache, the page would just load blank sometimes due to an encoding gzip issue.

[Scape]

DrCaleb DrCaleb:

I just hate wasting 20 years of data.

I get that but even Pharmanet goes only 6 months/1 year before it archives. I am not saying we need to pull the plug on the site outright but the day to day functions are compromised and a reason for that is the site is not being kept up to date.