Someones hacking my pixelpost database

[mark]

Any ideas how to stop a hacker from writing HTML code to my pixelpost database? Someone is writing some <iframe> stuff to categories and my pixelpost config making it point people to a trojan virus. thoughts??

-mark

[jaywilliams+]

For starters, change your database password.

Then update your pixelpost.php file to reflect the changes.

[mark]

I've done that, but i assume they already got my password by reading my pixelpost.php file...

[blinking8s+]

what pixelpost version are you using?

[mark]

1.3...and yeah, i know i know.i should upgrade
But i have so much custom stuff in my index.php and admin section, im afraid to mess that up

[austriaka+]

better you messing it up then your hacker does...
;-)
KArin

[GeoS+]

First of all try to protect your admin dir by setting there controlled access through http loging option (many admin panels has got special function for making dirs secure accessed).

[mark]

I did setup permissions on my admin directory with a username and password via my hosting website control panel. I also changed my pixepost database password. It took the hackers a few hours to break through again and write html code ontop of my categories. Each time a photo shows that has a category, it also pops the virus....any thoughts to protect the database?

[austriaka+]

could it be that you have already some weird code in your scripts? Perhaps something so simple like the send-forgotten-password function misused (don't know the routine in 1.3, but perhaps one can perform the form with a replaced email adress?
I strongly believe it would be less work to make a complete new installation with 1.6 than to fix that issue
KArin

[mark]

Where do i find the "forgot password" function?

And also, upgrading to 1.6 will fix the issue you think? 1.6 uses the same database tables doesn't it? Heck, if 1.6 will fix the issue, i'll definitely do that!