ICEFIRE Webmaster Board  

Go Back   ICEFIRE Webmaster Board > CjOverkill Support Forum > CjOverkill SECURITY

CjOverkill SECURITY CjOverkill security patches and discussion

Reply
 
Thread Tools Display Modes
  #1  
Old 25th August 2010, 05:32 PM
Xeandrac Xeandrac is offline
Junior Member
 
Join Date: Jul 2009
Posts: 15
Default hacked version 5.1.1

Hi, today I got an error message:

"Fatal error: corrupted data in encoded file in..."

So I called my host, the told me the index.php was changed on 25 aug 2010 at 07:07.

Maybe there is a leak or weakpoint somewhere, maybe it's nothing.
Everything seems to be in working order, my site(s) are working normal as far as I can tell. The traffic is still counted and going out to the trades so there is no harm done.

Just figured I let you know...

Best regards,

Xeandrac
Reply With Quote
  #2  
Old 30th August 2010, 12:57 PM
ICEFIRE ICEFIRE is offline
Administrator
 
Join Date: Sep 2008
Location: Galaxy Media
Posts: 503
Send a message via ICQ to ICEFIRE
Default

If you mean the index.php in the cjadmin, that one is the same since version 5.0.1.

There are two reasons this file may have got corrupted.

1 ) A HD or system fault on the server side. It shouldn't happen, but it's still a machine and can fail.

2 ) You have a virus or something like on your machine that tries to change the files on the server side as soon as you login via ftp. Just check your computer for virus.

I think it may be a server side fault if your host machine got really busy at some point.
Reply With Quote
  #3  
Old 6th September 2010, 01:41 PM
Xeandrac Xeandrac is offline
Junior Member
 
Join Date: Jul 2009
Posts: 15
Default

Since I did not log in through ftp on the 25 aug 2010 at 07:07 is has to be a glitch on the server.

Thanks for the reply
Reply With Quote
  #4  
Old 13th September 2010, 05:32 PM
Xeandrac Xeandrac is offline
Junior Member
 
Join Date: Jul 2009
Posts: 15
Default

After having another incident on other files my host an I came to the conclusion that someone had to be listening in on the FTP. So to be on the safe side we decided to change all passwords including the Db passwords.

I am unable however to locate a 'change Db password' field in the network settings. Do I need to adjust the pass in the config.inc.php file?

Best regards,

Xeandrac
Reply With Quote
  #5  
Old 13th September 2010, 06:47 PM
ICEFIRE ICEFIRE is offline
Administrator
 
Join Date: Sep 2008
Location: Galaxy Media
Posts: 503
Send a message via ICQ to ICEFIRE
Default

The config file is a clean text php you can edit with any text editor. There is stored only the database user and pass, so you can put the correct values there.

Your host should have some kind of control panel that allows you to change the database password itself. CjOverkill has no option to change the database password from the admin panel nor it has such feature into the script, just as a security measure and to avoid people locking their own sites by mistake.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 05:48 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.