Hi,
after an Malware attack, I ask my self how to make Piwigo saver for attacks.
Some on told me, one problem could be that Piwigo is using smarty 2.6.26 with on problem for attacks.
Are there any other measurements I can do?
Rgs.
Joergen
Offline
Hello
more detail about the attack, and what script you had (piwigo extensions, other php files...) etc would help much more
Offline
Hi,
first of all the question is more general, what can you do to make it more secure or prevent attack/hacks etc.
The question is based on my experience, described here.
http://piwigo.org/forum/viewtopic.php?id=21209
http://jeffreysambells.com/2012/12/12/anatomy-of-a-hack
Actually I had the following Malware in Piwigo and on my Private Homepage: js/exploit-blacole.ht
And it looks like it was distributed by the known FTP password. :-(
See also attachment pic.
Last edited by Joergen (2013-02-01 19:52:04)
Offline
Most of hacks comes from the interception of the FTP passwords or it's a PEAK issue
Use Sftp, use specific password or better use SSH, use differents passwords for each (MySQL , piwigo, facebook etc)
Nothing related to Piwigo
Offline