Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
NVGADeveloper Posted May 22, 2012 Posted May 22, 2012 Hello, we were recently hacked by the following:http://forums.oscommerce.com/topic/345957-evalbase64-decode-hack/ as we us invision boards as our source CMS but we use WP for the frontend of the site. My system adminstrator was curious what security and permissions items should be have in place to insure that we don't have this issue again. We have put in a ticket to invision as well as we are looking for documentation on security for invision. Thanks
Grumpy Posted May 23, 2012 Posted May 23, 2012 Are you hosted on invision power's hosting service? Or elsewhere? If elsewhere, what is your setup? On the general question of what is a "secure setting". We can't answer that. No one here can say it conclusively because it depends on literally hundreds of factors. It's not a simple thing and there is no silver bullet that solves the issue. That's why you get a good system administrator to figure it out. For example, in big picture: we don't know your operating system, and in small picture: we don't know what php mods you are running. All these things are factors to the answer of "what is the proper settings".
NVGADeveloper Posted May 23, 2012 Author Posted May 23, 2012 We are hosted somewhere else. As for setup we are currently running off Linode.com and using linux.
Grumpy Posted May 24, 2012 Posted May 24, 2012 Linode is managed. You can contact them and tell them that you've been hacked. Have them secure your server. As for IPB's permission recommendations, they are available here: http://community.invisionpower.com/resources/documentation/index.html/_/documentation/getting-started/chmodpermissions-guide-r16 Also, to note, the "eval(base64_decode Hack" is not a method of hacking. It is the aftermath of the hacking. The hacker got access to your website somehow and they planted that there. So, having shown that this hack exists does not explain how you were hacked or what you should do to prevent from getting hacked again. Some general tips: - Keep a secure password. And when I say secure, I mean secure and don't use the same password else where or at least limit number of places that shares passwords. - Many plugins are not secure at all. You should be heavily concerned everytime you choose to add a plugin.
NVGADeveloper Posted May 25, 2012 Author Posted May 25, 2012 Hey Grumpy, Linode is very limited in their support. The will tell you if you server was hacked but will not do much to help you fix it. My other host ixwebhosting is a lot more helpful. Thanks for link to the doc. I will send this to my admin.
raindog308 Posted May 29, 2012 Posted May 29, 2012 On the general question of what is a "secure setting". We can't answer that. No one here can say it conclusively because it depends on literally hundreds of factors. It's not a simple thing and there is no silver bullet that solves the issue. That's why you get a good system administrator to figure it out. For example, in big picture: we don't know your operating system, and in small picture: we don't know what php mods you are running. All these things are factors to the answer of "what is the proper settings". There's no silver bullet but there's nothing wrong with asking for advice here. After all, a good/great sysadmin will likely know zero about IPB software. He/she will know how to secure the server, but if the attack is coming over port 80 to a vulnerability in the web/php layer, it really doesn't matter. Linode is not managed. If you want a good managed provider, you could talk to KnownHost - I have received fantastic support from them. In general: - strong passwords (16+ chars, etc.) - unique passwords (db password is different than login password which is different than the htaccess for your admin area, etc.) - if you're savvy, no passwords for shell login (use passphrase'd SSH keys instead so access requires having the ssh private key) - run ssh on a different port - just to keep annoying skiddies away - do everything the Security Center recommends - patch your OS and its packages - patch IPB and watch security announcements - install something like CSF/LFD/fail2ban/etc. - something that will watch your logs and throw up a temporary firewall (iptables) block if someone is trying to brute force a login, port scannnig you, etc. - follow the CHMOD guide for IPB strictly - versioned offsite backups without the credentials to erase them stored on the server - monitor logs - limit access - don't give out shell - if you have stuff other than IPB running on the box (wordpress, etc.) then of course you have to stay on top of those I'm sure there are more things but that should keep you busy for a while :-)
Grumpy Posted May 30, 2012 Posted May 30, 2012 You're right, Linode is not managed. My apologies for incorrect information. @OP, you can hire additional management companies as well. WHT has quite a few of those ads in their ads forums as well.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.