How is this possible?
only my ip addresses allowed and still getting hacked
thanks.
In reply to christian turc
Re: only my ip addresses allowed and still getting hacked
by Emma Richardson -
You might want to give just a little more information...why do you think you are hacked, what is happening, what is limited to only your ip address, etc,,,
In reply to Emma Richardson
Re: only my ip addresses allowed and still getting hacked
by christian turc -
I am using Moodle 1.19 on a GoDaddy hosted account. This app is available to install through the control panel. after installing this software my php files get changed. How do I prevent that? Is there a way I could password protect those files? Also I tried manually to install different versions of Moodle like 2.2, 2.3 or 2.4 but the results were the same or even worse. I was not even able to get back to my site. What should I do? and thanks for replying . Chris
I do hope you have either a full site backup or at the very least, course backups downloaded and archived.
For others who might find this discussion/issue ... Christain and I have had a 'side bar'. In that 'side bar' from what I gather, it appears GoDaddy installer script installs a version less than 1.9.19+ (highest/most secure of that series). After installation, it warns about setting the salt (which was introduce in version 1.9.6), it has php error reporting turned on, and installs moodledata in space directly accessible via the web. (appears to be installing 1.9.7). Even installing 2.2, 2.3, or 2.4 the moodledata folder should not be in a directory that is directly accessible via the web.
Not long ago, MS computers came with pre-installed malware from an OEM in the distrubtion channel. Wonder GD is now suffering something similar in that php files in whatever installer they have provided for customers has already been compromised.
Surely, if php files appear in your site, GoDaddy security folks would be able to at least investigate that and report finding.
Have already suggested he check into a GD VPS.
'spirit of sharing', Ken
How have you restricted to a single IP? Even if you have, there are some nasty things out there that could take advantage of holes in php via Moodle ... remotely, requires no login/pass, etc. Dunno how accurate or current, but see: http://bit.ly/17Uynus
Version of Moodle?
Have you checked for the existence of non-Moodle php scripts in the moodle code folder or other web accessible folder/directory.
And what is behavior/appearance of the hack?
'spirit of sharing', Ken