Yii website hosted at godaddy hacked

Hi All!

Just noticed that my yii website (http://www.malikow.com) hosted at godaddy has been hacked this morning.

Any help…?

Is that Yii problem? ???

I’m not sure it’s a yii problem…

It’s not.

But don’t use raw FTP, ever.

It’s just too easy for someone to intercept and steal your username/password.

After that it’s just a smorgasbord - they can do pretty much anything.

Use SFTP (secure FTP) instead.

Thank for you advices!

Working now!

My index.php had been renamed by the hacker

What might be the reasons of this?

As Yii just provide a secure platform for development.

Is it file uploading issue or something else?

I am also trying to answear the same question…

The only way they can do that is by having full access to your host.

Happened to me once.

After that I’ve always used secure FTP.

I learned my lesson.

Do change your password - not only the FTP, but the shell as well. (Just in case).

You could also monitor the site using phpids. To check if they’re gone. ;)

Thanks jacmoe

Analyse your access logs to know if someone connected via FTP using your credentials.

You might also review your scripts. Who knows what code they may have inserted…

Of course!

I also nooticed that two of my joomla websites has been hacked too… so it’s not cause of yii