Hi
Security is very low
I got hacked a few moments before
And in the Home
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
can you contact your host and ask them how you got hacked and report it back here, so we know how to stop our sites getting hacked, by either an update to elgg or not using the company you use for hosting
Yes, I talked to the service
He is being investigated
And I must thank you very much for the support
We wish the best for you
Thank you all (especially UK, Tom, ura soul, rjcalifornia, krismb, Matt Beckett)
sorry for the late reply, you're most welcome, i am now trying to find the tutorial where you remove the install folder from elgg and other things to secure an elgg site even more : )
here's the post i made for reference
http://community.elgg.org/discussion/view/1524956/secure-your-elgg-site-stop-hackers
according to this video all ssl has been compromised years ago!
http://www.youtube.com/watch?v=ibF36Yyeehw
@Michele Just a mention about some .htaccess rules (a first step to security)
It seems that there are a lot of attempts going on to hack servers that have php installed at the moment. This could be a possible attack vector used. The hackers are using a security hole that was included in older versions of php. It has been fixed in php 5.3.12 (and in 5.4.2 within the 5.4 tree) but not all servers might have been updated to later versions.
You could check your server log for entries similar to
which might indicate that an attempt was made to attack your server.
Maybe need to update your core/software?
security issues you may encounter using elgg (these may or may not be problematic):
from what i am seeing, the ONLY way to use SSL securely is to have your entire site operating via https on every page and if you are not doing that then your passwords can easily be stolen.
@ura soul SSL isn't a 'gold' solution. Please don't suggest it as a panacea. There are more reasons for hacking your server -- you mentioned it above.
About Elgg... I think Elgg is a better solution for safety, if you use it on your server, than WordPress, Joomla or Drupal. I have many years of my own practice with all of them ;)
But you're right when you talk about 'devs' plugins... Some 'developers' can't or don't want to use simple principles of security, and it's a big problem for novice Elgg users.
i think possibly you are mis-interpreting what i wrote, as compared to my intention.
what i am saying - here with more detail - is that the option to 'encrypt login via ssl' with elgg is insufficient to secure the login due to 'man in the middle' attacks which intercept the data while the page is in non-https mode. if you watch some of the videos in my other thread you will see the full gory details of this.
so while you may have other security issues to resolve too, if your site is not fully https enabled then it simply is not secure. (even if it is fully https enabled it may not be fully secure, but at least there is one less possible vulnerability to harden).
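The difference between encrypting only the login action and serving every page over HTTPS, as discussed in the post above, shown as an added example that is not part of any post in this thread or of Elgg's own code. The function name, the finding strings and the sample responses (the `example.test` host, the `sid` cookie) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LoginForms(HTMLParser):
    """Collect the action URL of every form that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_login_page(page_url, headers, html):
    """Return findings for one fetched page (headers: dict with lowercase keys)."""
    findings = []
    page_https = urlsplit(page_url).scheme == "https"
    parser = _LoginForms()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            findings.append("password posted in cleartext to " + target)
        elif not page_https:
            # HTTPS action on an HTTP page: the form itself arrives unprotected.
            findings.append("login form served over http, action can be rewritten")
    if page_https and "strict-transport-security" not in headers:
        findings.append("no HSTS header, first request can be downgraded")
    for cookie in headers.get("set-cookie", []):
        if "secure" not in [p.strip().lower() for p in cookie.split(";")[1:]]:
            findings.append("cookie without Secure flag: " + cookie.split("=")[0])
    return findings


# Constructed sample responses (not captured from any real site).
LOGIN_FORM = '<form action="https://example.test/action/login"><input type="password" name="password"></form>'
MIXED = audit_login_page("http://example.test/", {"set-cookie": ["sid=abc; path=/"]}, LOGIN_FORM)
GOOD_HEADERS = {"strict-transport-security": "max-age=31536000", "set-cookie": ["sid=abc; path=/; Secure"]}
FULL = audit_login_page("https://example.test/", GOOD_HEADERS, LOGIN_FORM)
```

`MIXED` is the login-only configuration and yields two findings; `FULL` is the same form served over HTTPS with HSTS and a Secure cookie and yields none.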