Quote:
Originally Posted by gollum65
The specific URLs mentioned in the CBL thread are different, but the method of the attacks appears to be identical. We haven't really discussed it a lot on my site as it just started happening this week.
Feel free to contact me if you want a couple of sample files I kept that have the edited code. commish(at)ashmaplebaseball.info
And yes Curtis, I realize that's why they do it. Just have to vent my frustration and annoyance somehow.
|
Thanks.
May I ask what host you're using? We were using hostmonster.
I see that you're using SMF forums while we were using phpbb2.x forums. I thought that
might have been where the hole was, but there have been cases of sites not using the same boards in the past so I doubt it.
It looks like you're just using simple html, not php like we and others were, so that's probably not the problem.
I'm now thinking it might be folder permissions, but I'll have to look into that topic a bit more. I may end up asking you tell me yours. You can easily check it if you have ftp access.
I'll email you for those files, but if anybody else experiences the same problem feel free to email me some sample files at kq76 at hotmail.com. Please point out the offending code for me or at least detail what you see in your browser.
I'm no website security expert, but I like to think I know at least a tiny bit about the topic. Regardless, I'll ask in OT if there's anybody that can help us. When I thought it was just one or two leagues I didn't think it was that big of a deal, but if it's more then I'd like to put this down immediately.
I would have recommended going to a single page site for awhile, but yours looks so simple (no disrespect, I'm just saying it's likely not the problem) that there's no point. If it does happen again, just re-up your files and sooner or later they'll probably just move on to another site. I know, it's not the best of solutions, but unless we find better that's the only I know of.