SmokyHosts Support Forums - Webhosting and Webdesigning Support!

well they have another backup from 4th november, but after the hacking (at least in my case)!

He's on vaction or something? My site has been disabled for over 1 week now. Anyone heard something from him or the hosting company?

where is SHAdmin, I havent seen him since this problem, neither he responding to the posts nor to the PMs

My apologies to all of you for not keeping you all updated over the proceedings.

I am farely aware of all this hacked stuff on the server and me along with other server administrators (employed by SmokyHosts) and a professional server management company (to carry out the security audit) were working on getting hold of the hacker, cleaning up the server with any infected files/data that the hacker would have left on the server and monitoring the server for any further hacking attempts. Now, after monitoring the server for the return of any hacker, i am confident that the security measures that have been put into place are good enough to give you all this update.

However, please, consider this a request, reminder or a warning, please update all your ourdated PHP scripts within 1 week or your accounts will again get suspended due to lack of security on your accounts.

The paid hosting members were being given full timely support via our support portal.

I fear to say that the hacker is a member on the forums, who also has a free hosting account as well as a paid hosting account on the server on the paid hosting accounts server. This is one main reason i didnt want to post the proceedings over the past a week or so which will lead to alerting the hacker. I am sorry, but since we couldnt pin point the exact hacker, so i only felt it safe not to post any update on the forums thus leading to further controversies.

Even though I know now, I wouldnt like to post here in the public as to how the hacker would have got hold of your accounts.

It was finally determined that the hacker didn't gain any root access to the server. So the server as a whole is not compromised. Currently extreme measures have been taken to secure the server and carry out many security audits.

You people may see a "Internal server error" pages. You are getting this due to the many security measures being placed. Please PM me and i will rectify this issue on your account.

Also, i would like to thank all the members of SmokyHosts, specially naming TheCrymsonLegends (you will not be punished for your bad words as understand your frustration ), to handle the issue without things going out of the way and keeping trust in SmokyHosts.com

Lastly, at SmokyHosts, we perform weekly and monthly backups. But since the last weekly backup may include some already compromised accounts backed up, the only backups that will be restored will be those that were taken a month back on the 7th of October 2007.

Once again, sorry for all the hard work that you all would have put in the past 1 month of your websites work and thank you for your continued trust and support.

Though it may take a couple of hours, all the PMs will be answered to, soon.

Thanks for the information and the update, I can understand the measure you took to secure all the websites and your webserver, I hope the hacker get what he deserves so we can run our websites as usuall and you can continue run your wonderful business as usuall.

Thank you and my apologies for the language. As for the last available back-up I do feel confident that it will be fine for me, feel sorry for anyone else who's updated since then.

About the scripts posting potential security risks could be even the scripts which most people would normally use. If your php scripts are using single ( ' ) instead of the double ( " ) then that is an outdated source of php scripts.

Instead of simply taking off the accounts just set up a point deduction system in order to regain access to an account. After so many times of it happening you could suspend the accounts. It gives people time to build scripts and re-build them. Prior to this single event I've never known anyone from Smokyhosts to get hacked. I strictly believe that even the most up to date scripts could cause potential security risks as nothing is perfect. So I believe that if something causes a potential risk it shouldn't be deemed bad but use this to steal some points from these members... lol. Even Nuke Evolution has potential security risks but they update it and the more coding they do there are more potential risks popping up. So try not to be too harsh unless the script causes a wide spread risk against more than the member running it.

I'm using phpBB3 RC7, is that secure enough?

Tails5 wrote:I'm using phpBB3 RC7, is that secure enough?

I would assume with any Release Candidate there could be potential security risks. Even the most up to date versions of anything could have security risks which could pose threats to allowing any hacker to infiltrate your website. The odd thing about these recent hacks is due to the fact they gained Cpanel access which even with some scripts they could only gain access to the intended website, such as deleting any forums on a board or gaining administration privileges to any nuke portal. Cpanel hacks can only happen through any script directly intended to retrieve access information from the main server. For this I would only trust scripts which are very widely used such as phpbb, vbb, nuke evolution, and anything that has an extensive support team. If you find a file on a website saying PhP Nuke Extreme Full Edition of some random name of something then maybe it isn't the best solution.

Please remember that people are sometimes very twisted and that particular script you are looking for could be a potential risk because people know it's wanted. I would advise asking any friends who know php or maybe asking someone on the forums who knows php to glance over any script you are trying to implement into your website for any malicious attempts of a faulty script.

As I said above it is nearly impossible to tell that something can cause a potential risk, while server administrators do have access to scripts that look for potential problems it could cover a vast amount of possible risks which would never be exploited nor completely dangerous. If you plan on using any portal of board system please update it on a constant basis to be sure you have the latest version for security fixes. Also check on the website frequently to the content management system that you are using for any quick security fixes.

If you are custom building your scripts by hand please check up at a couple help websites to check for the newest and securest methods of coding. Once again there are some minor differences you can do which could make your script/web page look potentially harmful.


The one above is one method of coding and is outdated, so the next method is the most recent way to code the particular line.
Notice the quotation marks are quite different, and even something as simple as that could cause a potential risk to your website. The following codes are likewise examples of how to help secure your script.
Now for a more secure method
While both methods work and what causes them to be any different in security I have absolutely no clue. Also you never want to put any database information into any page which is to be viewed directly. If you plan on using mysql databases please remember to use a separate file which would be named database.php. If possible be sure to keep all your folders and files property rights the way they should be. The whole 777, 676, 464 and such. It will make a world of difference if any database file is in a folder which cannot be viewed by anonymous sources.

I do believe someone has already posted a method of keeping your php scripts much more secure in the How-To section, please visit there and look it up for anymore information. To those using any form of content management system I would suggest only using full versions and staying away from beta or release candidate versions due to the potential amount of security flaws, if you do plan on using these types of websites try to at least keep an eye out for any quick fixes for security flaws and updates to the newest version.

Thank you for taking your time to read this, I hope it serves some people well and I hope that this experience has not changed your views about Smokyhosts nor it's services as it has been wrapped up and the problem has been found. I also hope that we strive to set a new goal of keeping away from these incidents again as Smokyhosts has a superb security record and as always a quick response to almost any issue brought up.

Take it from nearly one of the oldest board members here besides SHAdmin himself, I wouldn't lie to you when I say that smokyhosts has been the best web hosting company I have used and I have yet to stray to find any other host... .

I know basic PHP, and there's nothing in my php scripts that allows complete root access, the one thing that could have before, was I used my main sql password(same as my cPanel password) in my forums/config.php file, but now I've injected a new user, made a VERY random password, used that in my forums/config.php file, and edited my cpanel password

Well if you use some other scripts which come from coders such as Nuke Evo or VB they can have insecure scripts located in them, which is hard to find until they come accross it. When they issue a security fix they tend to give out more information than neccesary and if you do not update that flaw anyone who knows a good deal about hacking could enter your site through it and if they find your config file they could do good ammounts of damage. While if you even use different sql databases and such, it still grants access into your account through FTP, once in the ftp part they can get just about anything they need. This would explain how only few members of smokyhosts was affected instead of a mass ammount. I hate to admit it but I did have outdated scripts on my account which could explain how mine was taken.

I was using Nuke Evolution Release Candidate 2, and even they have some security flaws if isn't updated. Please update frequently as by the time hackers figure out how to get through a script the people working on it should already have figured it out and released something to patch up the hole.

While we all would love to believe we couldn't of been hacked, it seems that no one is perfect. We must acknowledge that it could of been outdated scripts and keep those things updated so that it cannot happen again. I know I've learned a valuble lesson I just hope we all heed to this warning and keep our sites safe and secure.