[TYPO3-english] Have I been hacked? Please help.
Andreas Becker
ab.becker at web.de
Mon Mar 21 03:57:11 CET 2011
On Sun, Mar 20, 2011 at 12:02 AM, Thomas "Thasmo" Deinhamer <
thasmo at gmail.com> wrote:
>
> Hello!
>
> Does that mean there are ways to get into
> the backend without having the login credentials?
>
> Or why would it be a secret or unwise to tell here?
>
> Thanks a bunch,
> Thomas
>
Yes of course, why do you need the login credentials if your system is kept
open! is the simple and easy question!
If you don't take care for the security of your SYSTEM itself, or if you are
not hosting with a hoster that is following all those common sense security
measures than you do really good to either stop with this hoster immediately
and change to one who is capable to secure his hosting environment or setup
your own secure environment.
TYPO3 is like any other web application only the Top of the mountain of
security measures you need to take care of. If your system is already
opening everything it is NOT TYPO3 or any other application but your
environment which is insecure.
It is wise not to tell it again and again here as it is already available in
the net many times:
http://webempoweredchurch.org/services/download-packages/manual/#_Configuration
Those who are capable to read should also be able to follow those very
simple advices. Beside this there are much more secure advices which
increase the security level.
http://secure.t3sec.info/tutorials/database/ip-restricted-db-access/
http://secure.t3sec.info/tutorials/typo3/credentials-outside-of-webroot/
and even than you can have much more security following further guidelines
you can find in the internet.
Feel free to discuss and open up a discussion about each simple step here on
the list, which than gets also multiplied to many potential hackers all
around the world. Setup a TYPO3 website you think it is secure and than
invite people to hack in ;-) what do you want? Giving guideline how to hack
websites? Even those you can find them already in the internet including the
necessary tools to do this.
Andi
More information about the TYPO3-english
mailing list