I hate PHP & SQL!


Nymph
04-06-2008, 08:19 AM
Or maybe it's just the damn script I'm using.

This is the second time in 3 months I've been hacked...not just one of my sites, but they got all 4 this time. Thank goodness I know just enough to be dangerous with databases, and was able to restore the SQL with little difficulty. For the life of me, I can't figure out how they did it though.

I'm in the process now of searching for a new script to use (like I don't have enough headaches).

If anyone, in your travels, happens to come across a script that can be used for a recipe site, please let me know.

Or...if you are a script writer, and want to make a bit of money, get with me, and we can see if something can be worked out. My contact info is in my profile.

Rcourt64
04-06-2008, 10:51 AM
I got a good script for French Onion soup if ya want my dear Nymph :okthumb:
& I'm glad you're back posting again :)

helix
04-06-2008, 10:56 AM
Sorry to hear you are still having your run of bad luck :(

Nymph
04-06-2008, 11:03 AM
I got a good script for French Onion soup if ya want my dear Nymph :okthumb:
& I'm glad you're back posting again :)

I could use something to eat right now, and french onion soup sounds good....ya gonna bring me some?

I'll be around a bit more for the next two weeks while I'm home playing nurse to my hubby. I was planning on working on SNG (I even bought a new script for it), but looks like I better do something with the recipes sites first :(

Nymph
04-06-2008, 11:04 AM
Sorry to hear you are still having your run of bad luck :(

I sure would like to know what I've done so terrible for karma to keep biting me in the butt like it's been doing lately :unsure:

Toby
04-06-2008, 11:19 AM
You are certain that a hole in your recipe script is the access point for the hacker?

My TGP script templates were hacked last month, but the initial access point was via a hole in my traffic trade script.

Nymph
04-06-2008, 11:24 AM
You are certain that a hole in your recipe script is the access point for the hacker?

My TGP script templates were hacked last month, but the initial access point was via a hole in my traffic trade script.

Yeah pretty sure, they injected a string into my categories. I did a search, and this hack has been found before, but no fix for it, and they didn't give a lot of details.

and I don't want to hear about the tgp hack, I just got TGPX yesterday to set up :(

Toby
04-06-2008, 11:37 AM
Yeah pretty sure, they injected a string into my categories. I did a search, and this hack has been found before, but no fix for it, and they didn't give a lot of details.

and I don't want to hear about the tgp hack, I just got TGPX yesterday to set up :(

Actually, of the five domains I have on that box running TGP scripts, the one using TGPX was the only one untouched, even though I was running the same trade script on all of them.

No fix for a known security hole is bad news. They just put bots to work looking for installs of that script to exploit. I hope you can find another script for the job that will allow you to import your existing data.

sarettah
04-06-2008, 11:50 AM
Yeah pretty sure, they injected a string into my categories. I did a search, and this hack has been found before, but no fix for it, and they didn't give a lot of details.

and I don't want to hear about the tgp hack, I just got TGPX yesterday to set up :(

Hey :)

Did you already send me a copy of that script? If not, throw one my way. It is pretty easy to protect against sql injection in most cases.

Nymph
04-06-2008, 11:53 AM
Actually, of the five domains I have on that box running TGP scripts, the one using TGPX was the only one untouched, even though I was running the same trade script on all of them.

No fix for a known security hole is bad news. They just put bots to work looking for installs of that script to exploit. I hope you can find another script for the job that will allow you to import your existing data.


That's good news, I'd hate to think I just put out money for another headache ;)

The last hack was a new one too, but my server dude did the sql fix, and patched the script for me.

Right now I'm going cross-eyed looking at different scripts...I might just end up doing a WP install, and reworking the whole site, although I'd really like to stay away from PHP & SQL...that combo still has that "bad taste in mouth" for me.

Jace
04-06-2008, 05:31 PM
Nymph, hit me up on pm, got something for you

Jace
04-06-2008, 05:40 PM
haha it would help if I had PM's turned on

they are on now, hit me up if you want a huge database for that recipe site ;)

Hell Puppy
04-06-2008, 06:20 PM
A few basic security thoughts...

--make sure any input field processing protects against sql injection. there are a number of techniques for this.

--make sure directories that store things like templates and code at the very minimum are excluded in robots.txt

--better yet, any directory that doesn't HAVE to be accessible via the web should be .htaccess protected or stored outside your web path

--chmod is your friend. directories should be 755, files should be 644.

--patch early patch often. when a security patch for any script is released, everyone can immediately see where the holes are in the previous version and script kiddies will go looking for installations that haven't been upgraded.

--for the reason above, do not let version numbers of scripts display publicly.

--use strong passwords on all your admin areas, always use SSH and secure FTP
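
Added example, not part of any post in this thread and not the recipe script's own code: the SQL injection protection that sarettah and Hell Puppy refer to, shown as a PHP category lookup with the concatenated query beside a validated, parameter-bound one. The table, column and function names and the sample rows are assumptions; it uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data (in-memory SQLite) so the example runs offline.
// Table, column and function names are hypothetical.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE recipes (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO recipes (category_id, title) VALUES (1, 'French Onion Soup')");
    $db->exec("INSERT INTO recipes (category_id, title) VALUES (2, 'Apple Pie')");
    return $db;
}

// Vulnerable pattern: request input is concatenated into the SQL text,
// so whatever the visitor sends is parsed as part of the query.
function recipesByCategoryUnsafe(PDO $db, string $categoryId): array
{
    $sql = 'SELECT title FROM recipes WHERE category_id = ' . $categoryId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: validate the expected type, then bind the value as a parameter
// so it is only ever treated as data.
function recipesByCategory(PDO $db, string $categoryId): array
{
    if (!ctype_digit($categoryId)) {
        return []; // not a plain non-negative integer: reject
    }
    $stmt = $db->prepare('SELECT title FROM recipes WHERE category_id = :id');
    $stmt->bindValue(':id', (int) $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$inputs = ['1', '1 OR 1=1']; // constructed: one normal id, one tampered value
foreach ($inputs as $input) {
    printf("input %s\n  concatenated: %s\n  bound: %s\n",
        var_export($input, true),
        json_encode(recipesByCategoryUnsafe($db, $input)),
        json_encode(recipesByCategory($db, $input)));
}
```

The same rule applies to every query the script builds from form fields, URL parameters or cookies, including the INSERT and UPDATE statements behind the category admin pages.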

Nymph
04-06-2008, 07:11 PM
Jace, I just got back online, and sent you a PM....you are a doll ;)

Hell Puppy, thanks for the info, Sare is looking at it all for me now. If anyone can find the holes in it, I know he can...I swear I'm probably gonna owe him at least 3 babies for this one :rolleyes: