11
Stewdio
Re: Trouble with xoops
  • 2003/12/4 19:48

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


Quote:

ManXP wrote:
Yeah, it's everything OK now, i contacted my host provider and they reinstalled PHP. But after this i know one new thing - XOOPS isn't safe CMS. Yes, i mean very unsafe. Because my website was closed just for several minutes, but people already "hacked" my SQL base, they just copied a few files from my XOOPS site and they know SQL Base password now. When they know SQL password, they can browse tables and to view all users information, such as login and password. What can i do now? These people aren't "black hats", but it took just few minutes to get all my password from XOOPS.


Create a new user/pass and DB for that user (you), then reinstall xoops. Be sure to delete the proper files and chmod correctly. This should not have happened under a correct configuration.

If you want to keep your news items and such, be sure to backup and download the appropriate tables from your database so that you can reinsert them after your new installation.

Just my two cents.

12
ManXP
Re: Trouble with xoops
  • 2003/12/4 20:40

  • ManXP

  • Quite a regular

  • Posts: 231

  • Since: 2003/8/14


Hm, i don't want to delete and install XOOPS site again for some reasons. I changed my SQL password, but the website didn't work, i got an error, that it's impossible to connect to SQL. Anybody know, how to change SQL password and keep my XOOPS site working?

13
Herko
Re: Trouble with xoops
  • 2003/12/4 20:48

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


ANd the user passwords are safe, because XOOPS saves them as MD5 hash values instead of the actual passwords. MD5 is an encryption method, and it can't be decrypted, so not even when they know this, can the hackers find out the passwords of your users. Because the hosting provider failed to install their services like they should, PHP files weren't parsed and the mainfile.php (which holds the mySQL database password, you're correct about that) could be read. But with every server that has its services set up correctly and parses PHP files, this information is as safe as you can get it. So, XOOPS is as safe as any PHP application and the security breach is completely to be blamed on your hosting provider!

Herko

14
CBlue
Re: Trouble with xoops

You change the database username and password through your CPanel's database admin and you will also need to change your mainfile.php to the new database username and password.

Login

Who's Online

399 user(s) are online (278 user(s) are browsing Support Forums)


Members: 0


Guests: 399


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits