PDA

View Full Version : My gallery was hijacked


CEDillard
September 11th, 2005, 09:05 AM
My photo gallery requires a user ID and password to upload photos but does not require a password to view photos.
Last week I began seeing an anti-USA webpage when trying to go to the main page of PhotoPost. Basicially it said my page had been hijacked and displayed anti-USA propaganda.

I contacted my service provider who said little more than php products are suseptable to being hacked. And now the message no longer appears when I call up Photopost but is appearing when I call up phpBB.

Not being a security guru my question is: should this have been prevented by my service providers firewalls? Should I have done anything differently?
If I decide to move to a new service provider are my programs trashed and do I need to get a new versions of phpBB and PhotoPost?

I feel like I need to password protect my entire site (it an alumni site for an overseas school). I have done that on some sections but did not feel the photo gallery contained confidential information. If I password protect the site will I still need to scratch and reload the phpBB programs currently there?

Thanks for your suggestions.

Mathiau
September 14th, 2005, 04:29 PM
No - your ISP is not responsilb for a potential exploit in coding on a forum / php / coding.

you should be able to download the mysql databases / files from your current provider and move then to a new system, but they could containt modified code from the hacker

personally i would call that board a loss - and redo it from scratch and recover what you can.