Quote:
Originally Posted by Alan T
Molarmite, does the FTP account used in the league file have full website access, or only access to the export upload directory?
If you are 100% confident that whomever is hacking has the logon/password and not using any site scripts to hack the server, then you probably have an account that has too much access. Restrict the account in the league file to only having ftp rights to the export/import directory and that should also help keep people from hacking your webpage.
|
Alan T, Molarmite currently has an all access FTP account. However, his most recent infiltration was only to his forum. Being his webhost, I'd like him to follow your advice in getting his machine scanned for any malware/trojan before we go on to the next steps(such as limited FTP accounts for the game only, etc.). His main site has been untouched since the attacks from last month, but that is not to say it is safe.
That said, I continue to see that the hacker is also placing iframes directly into the league reports as well. So I'm afraid that even a restricted FTP account for the game will not stop this cycle.
