Preventing Hacking

[SalemKayaker]

My SMF recently was messed up enough that I had to burn it down and re-install it.

I am not positive that hacking was the problem that caused my SMF to hang but I have seen signs of attempts to hack the site.

Typically, I am seeing numeric prefix php files (e.g. 345762.php) showing up that are obviously not related to SMF. They usually contain base64 encoded strings... I have decoded a few and found they were URL's in Russia). The hackers also added their own .htaccess files which redirected visitors to that directory to the numeric prefix php file which then presumably did what they wanted when executed.

Anybody seen this before and know what the hackers are trying to accomplish?

Also, any suggestions on how to defeat this sort of stuff in future would be appreciated.

After I re-installed and upgraded SMF, I ran the upgrade.php and that seems to have set the various file and directory permissions as best it could.

What else can I do to avoid being hacked?

TIA --Doug

[Illori]

make sure you are using the most updated version of SMF, and make sure your host is aware of your possible hacking so they can try to secure things on their end.

[kat]

Also, read my sig.

When you backup, don't overwrite the previous one(s), just in case...