Discuz is vulnerable to SQL injection!!!! admins please read.

ravipratap95

i hope you all know about sql injection and what it can do..
anyways in short.
i lost my database recently.
i used a backup and increased the security but the problem came again and again.
vot told me that someone had an access to my site.
but then if thats possible then one can easily empty my public_html folder but that wasnt the case.
also he could delete my database too.but the hacker did not.
than one thing thats left is sql injection.
i think discuz is vulnerable to sql injection.
is there any way to fix it.~ or anyone has any suggestion or patch on how to prevent it.????
id really like to discuss on this matter this is getting serious.

ravipratap95

pgangwani35 2013-9-26 12:43
Only Antivirus company can protect u (QUICK HEAL)

You dont get it bro.such softwarer are only fort personal computers not for web servers.it protects the computer from web server viruses not web server from viruses

vot

A vulnerability may appear not because of Discuz,
but because of stolen password, or not closed access to critical utilities like install, update, restore, phpmyadmin, etc.
... or because of non-verified uploads enabled, i.e. hacker's shell...

ravipratap95

vot 2013-9-24 21:44
A vulnerability may appear not because of Discuz,
but because of stolen password, or not closed acce ...

Now that i have re installed my forum to new.and re setted my account
what should i do other than passwords strong thingy ?

ravipratap95

vot 2013-9-24 21:44
A vulnerability may appear not because of Discuz,
but because of stolen password, or not closed acce ...

Also is discuz vulnerable to it? The question remains still

vot

I'm sure that ANY software is vulnerable, including Discuz.

But I do not know about SQL injection in x2.5++.

ravipratap95

vot 2013-9-25 08:59
I'm sure that ANY software is vulnerable, including Discuz.

But I do not know about SQL injection i ...

you got any tips how to boost site security????
how about adding an ssl certificate
http://startssl.com provides free ssl certificates for 1 year...but how to install one on a site????
if it helps then yipee....

vot

1) Search in Google:
how to protect my site from hackers

2) SSL certificate can not protect your site. It is only for creating a secure connection.

ravipratap95

vot 2013-9-25 15:18
1) Search in Google:
how to protect my site from hackers

okay.
by the way what have you thought on how to stop the forum spams which are spreading here???
any counter measures from your side?

vot

It is not "by the way", it is offtopic here
(Create new thread)

vot

Why not split my post?

It's YOUR post, so it's not my job, but YOURS.