Quote:
Originally Posted by rebekahdee
Hi,
Does anyone else have experience of this problem? I am guessing that this is some kind of leak at either the billing company or the host. The fact that it is new members makes me think that perhaps someone is picking up the signup confirmation emails that are sent when a new member joins as this contains the login data required.
Any tips or feedback would be apprecaited as this is driving me nuts!
Thanks,
Rob.
|
Quite likely you're seeing your password file or database getting ripped.
The attacker uses some PHP script, most often, somewhere onyour server
to get at the password file and can keep getting new ones whenever he
wants to. This is a real pian in the butt, of course. There are a few steps
to take in order to take care of this problem. There's the basic security
stuff like getting rid of old, unused scripts that an attacker may use, and
more specifically we can apply strong encrpytion to your password list so
that even if a cracker does get the list it's of no use to him, because it's
encrypted such that he can't retrieve the passwords. This page will
provide some more helpful information:
http://www.bettercgi.com/strongbox/p...adyhacked.html
Also feel free to shoot us an email as
[email protected] or call us
at 979-530-1300 .
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids