Website Continuously Hacked!
 
express33
Member
 
Total Posts:  52
Joined:  2009-06-29
 

So my website gets continuously hacked.

I’ve reinstalled Magento and from now on I use sFTP, I don’t store the password in the FTP client.

What else can I do to prevent attacks?

If you read my other threads here: http://www.magentocommerce.com/boards/viewthread/65897/ and here: http://www.magentocommerce.com/boards/viewthread/59441/

you’ll know the hackers insert text and damage my site, the 3rd attack was the worst, they inserted it everywhere!

So how do I prevent these thugs from doing this again? I don’t even understand why or how they do this? Why my site!

I have a couple of questions:

1) What should the permissions be for the root folder of Magento?
When you install Magento it has to be 777, but what do I change it to then? And what “key files” have what permissions?

2) Would an SSL certificate help in any way, and what should I get for under $100/year?

3) What are all the possible ways they could have gained access to my site? I don’t have any viruses on my computer, as I did a scan several times of my PC and my website and nothing was found.

THANK YOU SO MUCH!

 
 
WebhostUK LTD
Sr. Member
 
Total Posts:  163
Joined:  2009-08-27
UK
 

Hello,

First of all, install mod_Sec and suphp on your server. This will make sure that your folder permission is 755, which is much more secure and will reduce hack issues by 99% on your site.
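A way to check what is still world-writable after the 777 install step, as an added example that is not part of the original thread or of Magento. The function name and the command-line usage are assumptions made for illustration.

```python
import os
import stat
import sys


def find_world_writable(root):
    """Return sorted (relative path, kind, octal mode) for every directory or
    regular file under root that any local user may write to (o+w)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
                mode = oct(stat.S_IMODE(st.st_mode))
                hits.append((os.path.relpath(path, root), kind, mode))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical): python audit_perms.py /path/to/magento/root
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, kind, mode in find_world_writable(target):
        print(f"{mode:>6}  {kind:4}  {rel}")
```

Anything it lists is writable by every account on the server, which matters most on shared hosting where other customers' processes run on the same machine.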

 
 
express33
Member
 
Total Posts:  52
Joined:  2009-06-29
 
WebhostUK LTD - 08 December 2009 12:48 AM

Hello,

First of all, install mod_Sec and suphp on your server. This will make sure that your folder permission is 755, which is much more secure and will reduce hack issues by 99% on your site.

What is mod_sec and suphp? What do I do and where do I access this?

 
 
ShopMagCart
Member
 
Total Posts:  70
Joined:  2009-01-04
 
express33 - 08 December 2009 06:11 AM

WebhostUK LTD - 08 December 2009 12:48 AM
Hello,

First of all, install mod_Sec and suphp on your server. This will make sure that your folder permission is 755, which is much more secure and will reduce hack issues by 99% on your site.

What is mod_sec and suphp? What do I do and where do I access this?

You will need to speak with your hosting company as those are not part of Magento.  They are run at the server level.

 
 
WebhostUK LTD
Sr. Member
 
Total Posts:  163
Joined:  2009-08-27
UK
 

Yes, correct. Your hosting provider should take care of this.

On all our servers we do maintain the same level of security by default to avoid such hack issues.

 
 
Sonassi
Sr. Member
 
Total Posts:  217
Joined:  2009-05-20
Manchester, UK
 
express33 - 07 December 2009 10:12 PM

So my website gets continuously hacked.

I’ve reinstalled Magento and from now on I use sFTP, I don’t store the password in the FTP client.

What else can I do to prevent attacks?

If you read my other threads here: http://www.magentocommerce.com/boards/viewthread/65897/ and here: http://www.magentocommerce.com/boards/viewthread/59441/

you’ll know the hackers insert text and damage my site, the 3rd attack was the worst, they inserted it everywhere!

So how do I prevent these thugs from doing this again? I don’t even understand why or how they do this? Why my site!

I have a couple of questions:

1) What should the permissions be for the root folder of Magento?
When you install Magento it has to be 777, but what do I change it to then? And what “key files” have what permissions?

2) Would an SSL certificate help in any way, and what should I get for under $100/year?

3) What are all the possible ways they could have gained access to my site? I don’t have any viruses on my computer, as I did a scan several times of my PC and my website and nothing was found.

THANK YOU SO MUCH!

 
 
fr0x
Member
 
Total Posts:  59
Joined:  2009-05-20
 

Can you look at your FTP logs for the server to see if anyone (other than your IP) is FTP’ing in?  That way at least you know for sure it’s your FTP login credentials that are compromised (and maybe, as a temporary solution, block that IP).
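The log check suggested above, as an added example that is not part of the original thread. It assumes the server records transfers in the common xferlog format; the sample lines, addresses, user name and paths are constructed.

```python
from collections import defaultdict

# Constructed sample in xferlog format; addresses are documentation ranges.
SAMPLE_XFERLOG = """\
Mon Dec  7 09:14:02 2009 1 198.51.100.20 5120 /home/shop/public_html/skin/logo.gif b _ i r shopuser ftp 0 * c
Mon Dec  7 21:40:11 2009 1 203.0.113.77 18432 /home/shop/public_html/index.php a _ i r shopuser ftp 0 * c
Mon Dec  7 21:40:15 2009 1 203.0.113.77 5120 /home/shop/public_html/skin/logo.gif b _ o r shopuser ftp 0 * c
this line is damaged and must be skipped
"""

# xferlog direction field: incoming, outgoing, deleted.
DIRECTIONS = {"i": "upload", "o": "download", "d": "delete"}


def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if the line is malformed."""
    parts = line.split()  # xferlog replaces spaces in filenames, so this is safe
    if len(parts) != 18 or parts[11] not in DIRECTIONS:
        return None
    return {
        "when": " ".join(parts[0:5]),
        "host": parts[6],
        "path": parts[8],
        "action": DIRECTIONS[parts[11]],
        "user": parts[13],
    }


def unknown_ftp_activity(log_text, known_hosts):
    """Group transfers by remote host, skipping hosts you recognise as your own."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec and rec["host"] not in known_hosts:
            by_host[rec["host"]].append(
                (rec["when"], rec["user"], rec["action"], rec["path"]))
    return dict(by_host)


if __name__ == "__main__":
    # 198.51.100.20 stands in for the site owner's own address (assumption).
    found = unknown_ftp_activity(SAMPLE_XFERLOG, {"198.51.100.20"})
    for host, events in found.items():
        print(host)
        for when, user, action, path in events:
            print(f"  {when}  {user}  {action:8}  {path}")
```

xferlog records file transfers only, so a login that transfers nothing will not appear; the FTP daemon's own authentication log covers those.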

 