We host several hundred websites with various CMSs. We've been hacked several times.
There were only two methods used:
1) File manager in CPanel, some exploit or root password (probably exploit, I don't think anyone would find out root password)
2) Insecure CMSs and their plugins - they were all Wordpress, Joomla and Zencart. In Joomla it was an exploit in the older version of the plugin JCE Editor for the WYSIWYG editor. Don't know about Wordpress or Zencart.
We don't use these CMSs anymore, they're older sites not upgraded for some time.
For 1) we now use CSF firewall to block all ports except http/https/email and only allow approved IP addresses and hostnames access to CPanel, SSH, FTP etc. This has a massive benefit on securing the servers. We don't use CPanel on new servers either, but use Virtualmin.
For 2) we upgraded the offending systems/plugins and have not seen hacks since.
If we do get hacked now it's likely because of 2) on old systems not upgraded for some time. We have also put htaccess directives to disable PHP in the folders they upload to (always images and tmp), so in case they do get in they can't do anything.
So it could be an exploit in ModX. The software is the most common way they got in with us.
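
A check for the upload-folder hardening described in the post, as an added example that is not part of the original post: it walks a document root, reports `images` and `tmp` folders whose `.htaccess` has no PHP-disabling directive, and lists PHP-like files already sitting in them. The directive forms it matches and the sample tree are assumptions; the post does not say which directive was used.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed directive forms (the post does not say which it used): mod_php's
# "php_flag engine off", or a FilesMatch block that denies PHP-like names.
PHP_OFF = re.compile(
    r"^\s*php_flag\s+engine\s+(off|0)\b"
    r"|<FilesMatch[^>]*ph[^>]*>[^<]*(Require\s+all\s+denied|Deny\s+from\s+all)",
    re.IGNORECASE | re.MULTILINE)
# Names Apache may hand to PHP, including double extensions like x.php.jpg.
PHP_NAME = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
UPLOAD_DIRS = {"images", "tmp"}  # folder names mentioned in the post


def audit(docroot):
    """Return (upload dirs lacking a PHP-off .htaccess, PHP-like files in upload dirs)."""
    unprotected, scripts = [], []
    for path, dirs, _ in os.walk(docroot):
        if os.path.basename(path) not in UPLOAD_DIRS:
            continue
        dirs[:] = []  # the inner walk below covers subfolders
        ht = Path(path, ".htaccess")
        if not (ht.is_file() and PHP_OFF.search(ht.read_text(errors="replace"))):
            unprotected.append(os.path.relpath(path, docroot))
        for sub, _, files in os.walk(path):
            scripts += [os.path.relpath(os.path.join(sub, f), docroot)
                        for f in files if PHP_NAME.search(f)]
    return sorted(unprotected), sorted(scripts)


def demo():
    sample = {  # constructed sample tree, not real site data
        "site1/images/.htaccess": "php_flag engine off\n",
        "site1/tmp/cache.php.jpg": "",
        "site2/images/.htaccess": "# php_flag engine off\n",
        "site2/images/up/x.phtml": "",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

`php_flag` is only accepted in `.htaccess` when mod_php is loaded, so on servers running PHP through FPM or CGI the `FilesMatch` form is the one to expect.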