Admin-level Web site vandalism: how to protect against this

jlhughes Joined: 2002-06-05 Posts: 81	Posted: Fri, 2002-09-13 23:56
	I have a kids' soccer site that is featured in the "sports" screen shots as an example of a Gallery site. Sometime over the last couple of days someone was able to gain access to the site at a level that allowed them to rewrite the caption on one of the photos. I have removed the "admin" user and changed the password on the remaining admin-level user. Is there anything else that I should do to prevent this sort of vandalism?
	XUser login Username: * Password: * Create new account Request new password
CarpetBagger Joined: 2002-08-09 Posts: 49	Posted: Sat, 2002-09-14 01:57
	You need to determine how the vandal got in. What OS are you running on? Which version of Gallery?

jlhughes Joined: 2002-06-05 Posts: 81	Posted: Sat, 2002-09-14 03:28
	At Bharat's suggestion I have upgraded the site to the latest version of Gallery. I apparently had missed a notice that there was a significant security hole in the 1.3.1 version that I was running. I would still be interested in knowing if there are any steps I can take to limit my vulnerability. I assume the jerk who accessed my site will be encouraged to try even harder now that I've responded to his vandalism by upgrading the software. The site is on a commercial server that runs virtual hosts under Unix and Apache. I don't have shell access, just FTP. John Hughes

XUser login