How to fix things after security issue
« on: August 23, 2008, 08:52:41 AM »
Hi

I had somehow missed the bit about changing the config.inc.php file back to 644, and had left it at 666. Someone has hacked in, and now the default site to be searched is a very dodgy looking one. I change it back to my site, but when I try and generate a new sitemap, the dodgy one pops back.

How do I uninstall and then re-install the generator? I bought this in Feb, so I guess I may need to upgrade. But I didn't see a post explaining how to clean up what is now a dodgy install.

Thanks

Hendrik
Re: How to fix things after security issue
« Reply #1 on: August 23, 2008, 10:07:25 AM »
I downloaded the config.inc.php  file, opened it in Notepad, and saw the url for the offending website. Changed it back to mine, and uploaded the config.inc.php file again, having changed the CHMOD settings to 644. Ran sitemap generator, and all was well.

Reason I spotted it in the first place (I had been away on holiday for a couple of weeks) was that the sitemap generator ran incredibly slowly, and talked about scanning far more pages than my website has. When I looked more closely, I didn't recognise the names of the pages it was scanning. Managed to stop it before it had overwritten my existing sitemap! (Lucky it ran so slow!)

OK, I guess I will push on with the upgrade.

Hendrik
Re: How to fix things after security issue
« Reply #2 on: August 23, 2008, 12:58:56 PM »
Great, I'm glad you noticed this and the issue is resolved. Make sure to define login/password to restrict access to your generator pages as well.
Re: How to fix things after security issue
« Reply #3 on: August 23, 2008, 02:41:40 PM »
In what situations is the password needed?

I have set a password, but I can still generate a sitemap and open the file on the server without being asked for it.

Hendrik
Re: How to fix things after security issue
« Reply #4 on: August 24, 2008, 01:07:32 PM »
Hmmm...

Having set the config.inc.php file to 644, I am now getting the message that an error occurred (top of the configuration page) and that the config.inc.php file is not writable.

However despite this message, I am still able to run the software and create a new sitemap (which I can then see online, with todays date). Puzzling.

Hendrik
Re: How to fix things after security issue
« Reply #5 on: August 25, 2008, 12:24:39 AM »
Hello,

the password will be required when you will get back to generator page after some time (when your session is expired), all new users will be required to enter password to open generator screen.
Quote
Having set the config.inc.php file to 644, I am now getting the message that an error occurred (top of the configuration page) and that the config.inc.php file is not writable.
That is just a warning message telling you that any changes in configuration cannot be saved at that point, but you can ignore it as long as you don't need to change your settings.