Possible Security Exploit

Posted by Phil [August 19, 2006]

Hey, my website has been hacked recently and upon investigation, my virus scanner detected the script that was probably used to hack my site. It was in metatraffic2/data/zeh3.jpg.asp. When I looked at it, it allowed anyone to change my files easily. I downloaded another version of MetaTraffic and those files weren't there.

Anyway, has this ever happened to anyone, or were those files put in there randomly?

Oh, the hacker name was "lord".

Possible Security Exploit

Hi Phil,

With MS Access default installations where the database is left in the web directory, anyone can download the database and figure out the username and password to log in. This has been documented in the readme, which I understand few people read. We recommend you follow these instructions to prevent this:

http://www.metasun.com/support/metatraffic/secure_db.asp

Metasun also released an update a while back to block the upload capability for installations that used MS Access in the default location / filename to mitigate the risk.

I would recommend you update to the latest version and follow the instructions in the URL above to secure your MS Access database.

Regards,
~Chad

Possible Security Exploit

OK, thanks, but is there some feature in MetaTraffic that allows people to upload data?

Possible Security Exploit

Yes, there is upload functionality in the software. As stated previously, there was a potential issue with default MS Access installations and the file upload capability. This has been fixed so that the file upload is disabled in this situation. Upgrade to the latest version.

~Chad
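
Added example (not part of the thread and not Metasun's code): a small audit that walks a web root and reports the two conditions discussed above, an Access database left inside the web directory and an uploaded file whose image-style name ends in a script extension, as with zeh3.jpg.asp. The extension sets, the database file name and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed extension sets; adjust to the handler mappings on your server.
SCRIPT_EXTS = {".asp", ".asa", ".aspx", ".cer"}
MEDIA_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt"}
DB_EXTS = {".mdb", ".accdb"}


def audit_webroot(root):
    """Return sorted (finding, relative_path) pairs for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            stem, ext = os.path.splitext(name.lower())
            inner = os.path.splitext(stem)[1]  # extension hidden under the last one
            if ext in DB_EXTS:
                # Database inside the web directory: retrievable by URL.
                findings.append(("exposed-database", rel))
            elif ext in SCRIPT_EXTS and inner in MEDIA_EXTS:
                # Looks like an image, but the server would run it as script.
                findings.append(("double-extension-script", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout; only zeh3.jpg.asp is a name from the thread."""
    sample = [
        "metatraffic2/data/zeh3.jpg.asp",
        "metatraffic2/data/metatraffic.mdb",  # hypothetical database name
        "metatraffic2/default.asp",
        "images/logo.jpg",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding, rel in audit_webroot(build_sample_tree(tmp)):
            print(f"{finding}: {rel}")
```

Point `audit_webroot` at a copy of the site's document root; any `exposed-database` hit means the database should be moved out of the web directory as the linked instructions describe.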