WebYep site hacked (sort of…)

General discussions about WebYep
Eelco
Rank 1
Posts: 25
Joined: Sun Sep 18, 2011 1:50 pm

WebYep site hacked (sort of…)

Postby Eelco » Sun Oct 06, 2013 2:35 pm

Yesterday I received some alarming news: one of the websites I made was hacked.

In the "data" folder someone placed a .php file. This was not uploaded as a WebYep attachment (as the site only uses short text, long text and img WebYep elements), and I have not found out yet if someone snooped my ftp login (as most hosts in the Netherlands only offer ftp access instead of ssl or even sftp).

The file was there for a few days: WebYep did in fact give notice to the users of the cms, but they ignored the warning for more than a week before they got in touch with me.

As the "data" folder has to be CHMOD 777 it is probably the weakest link for a WebYep enabled website. Is there a way to "script" a security solution?
Is there a way to simply delete all *.php, *.js or *.html files within the "data" folder (or "disarm" those files: to replace the extension with something else)?

Max
Rank 4
Posts: 163
Joined: Wed Nov 08, 2006 10:39 pm
Location: UK

Re: WebYep site hacked (sort of…)

Postby Max » Mon Oct 21, 2013 11:39 pm

Hi Eelco,
This has happened to me on two occasions in the last 6 years, although both times the WebYep system flagged up the error/warning message and none of the files were affected in any way. The open folder is the weakest point but it would be virtually difficult to be 100% hack-proof. You may be able to restrict the file type allowed to be uploaded onto your server but you will need to do some investigation via your hosting provider.

Sorry I couldn't be more helpful
max

TeamSDA
Posts: 5
Joined: Tue Jul 17, 2012 6:40 am

Re: WebYep site hacked (sort of…)

Postby TeamSDA » Fri Jan 03, 2014 12:42 am

Hello Eelco and Max…

Realize this is an older post but I was just working on a site where I wanted to restrict specific file types and came here for help. I found the following Stack Overflow post which I hope is helpful.

http://stackoverflow.com/questions/1610 ... -directory



Kind Regards,
Dave

TeamSDA
Posts: 5
Joined: Tue Jul 17, 2012 6:40 am

Re: WebYep site hacked (sort of…)

Postby TeamSDA » Sat Jan 04, 2014 1:46 am

OK… Gave the method for defining which file types would be allowed a try but it did not seem to work. Also not sure how to address the data files WebYep is creating as they don't have any file extensions. Any thoughts?

Kind Regards,
Dave
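
Added example, not part of any post in this thread and not WebYep code: one way to do the "disarm" Eelco asks about, as a POSIX shell function that could run from cron. It assumes shell access on the host and, per Dave's last post, that legitimate WebYep data files have no extension; the name `disarm_data_dir`, the `.disarmed` suffix and the extra `.phtml` / `.php5`-style patterns are assumptions of this example and go beyond the three extensions named in the thread.

```shell
#!/bin/sh
# Added example (not WebYep code): "disarm" script-type files in a data folder.
# Assumption from the thread: legitimate WebYep data files have no extension
# and image uploads keep image extensions, so neither matches the patterns.

# disarm_data_dir DIR -> prints the number of files renamed; details on stderr.
disarm_data_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -type f skips symlinks; -iname also catches .PHP / .Html.
    # *.php[0-9] and *.phtml go beyond the extensions named in the thread:
    # many Apache/PHP setups execute them as PHP too.
    find "$dir" -type f \( \
            -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
            -o -iname '*.js' -o -iname '*.html' -o -iname '*.htm' \
        \) -exec sh -c '
        for f do
            d=${f%/*}; b=${f##*/}
            # Replace every dot so no ".php" component survives: with
            # AddHandler-style configs "x.php.bak" can still run as PHP.
            stem=$d/$(printf %s "$b" | tr . _)
            new=$stem.disarmed; n=0
            # Never overwrite an earlier quarantined file (keep evidence).
            while [ -e "$new" ]; do n=$((n + 1)); new=${stem}_$n.disarmed; done
            if mv -- "$f" "$new"; then
                # Best effort: fails if the web server user owns the file.
                chmod 000 "$new" 2>/dev/null || :
                echo "disarmed: $f -> $new" >&2
                printf x        # one byte per renamed file, counted below
            fi
        done' sh {} + | wc -c | tr -d ' '
}

# Run stand-alone as: sh disarm.sh /path/to/webyep/data   (e.g. from cron)
if [ "$#" -gt 0 ]; then disarm_data_dir "$1"; fi
```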

