actually, it may not have been an FTP hack, check your logs, they could have done some exploits via apache, or one of the scripts on the site.
Make sure there are not PHP files installed that were added by the hackers, these could be files that give them the ability to hack your DB, or let them read your files and modify them depending on file permissions.
FTP hack would have been the easier to clean up unfortunately, but you have to check all routes.
Also, email me and I can send you a .htaccess file that can block a lot of this stuff from re-occurring.
However, I am going to flag your last comment for promoting harrasment (“I’m not making this a @cupcakes bashing post (others are free to do so however).”)
Fine, I apologize for that comment. It was just a reaction to the way a lot of this thread is repeating itself.
I’ve been debating saying anything else, but what the heck, I’m gonna say one last thing here, because this thread is just getting rediculous. Your never gonna get everyone to agree, because sellers and buyers are always going to be divided, even the sellers who are also buyers will have a different point of view and this whole thread was started so you could be the center of attention.
@cupcakes, looking for praise had nothing to do with it. It got so bad between you and one or two others (who we have settled our differences outside of here), that I was dreading taking a week off to take my daughter to Whistler next week due to not knowing what you guys might be posting. And I would rather enjoy a week with my daughter and my wife than spend every frigging minute checking on my iPhone to see what you are complaining about again.
Yes, I changed the specs with the last update. I work 2 jobs and have a family to raise, as well as providing updates for everyone (on scripts I sell here and my own software that I sell myself), so updating the text wasn’t my highest priority, so I did include the requirement for cURL, which you also managed to complain about (despite the fact that no one has issues with cURL on the other scripts I sell here that uses cURL), I posted an alternative to cURL and actually did a whole lot of research with the last update to find a fully working solution for querying https:// urls, which had been an issue on some servers. And again, you managed to complain about something else.
Oh, and in case you failed to notice, there were one or two posts from you guys that were actually removed by the admins, long before I ever saw them, so I wasn’t the only one flagging posts. Admins can flag posts too, and will if they deem it necessary.
Also, I spent a lot of time providing support to anyone who emailed me, more than I was required to provide (especially considering how TF doesn’t require sellers to provide any support at all), ranging from people having trouble with installs to not being sure how things worked. And I was still the one who did it, because I was the nice guy. In fact, I still provide updates and support to people who bought the script, and have put the ones that have emailed me on my notification system to continue getting updates.
And the last few comments that were flagged were for things that were already fixed (or were wrong), and were in the update queue.
Such as the issue @mistical keeps bringing up which was incorrect and fixed (if someone had only looked at their database before trying to start fires). I flagged that to keep everybody from jumping to the conclusion @mistical jumped to even after I posted several times that the problem you guys found was not the correct one, and I have already explained enough what the actual problem was.
And @cupcakes, you still had a whole lot of comments that were left alone and not flagged, so no need to make it sound like I flagged everyone of your comments. Usually, there was a reason for it, but again, your point of view is gonna be different from others and I’m not making this a @cupcakes bashing post (others are free to do so however).
Now, I’m done writing this book of a post that was only meant to be 3 or 4 lines. @cupcakes, feel free to complain some more. I’m already ignoring you in 5… 4… 3… 2… !!!!!
Actually I had replied that that wasn’t happening. And the actual bug was fixed in an update that was uploaded yesterday. Email me if you didn’t download it and I will send the update to you.
The actual bug was that it was redirecting you to the loggedin page and showing all anonymously created URLs as your own.
The database has unique fields on username and email which means it is impossible to have two accounts with the same username, and if anybody had checked their databases before posting a bug that was wrong, they would have seen that.
Again, the actual bug was that if a user didn’t get created then they still got forwarded to the account page but were seeing urls that didn’t belong to anybody.
That was fixed yesterday so that it will redirect to account page only if it had a user Id instead of the check it was doing.
yes, I deleted the script. There were a few people who never had anything positive to say no matter how much work you put into it and their were close enough to abuse that the overall stress just wasn’t worth the couple bucks I made off it.
If those certain people ever once had something positive to say instead of always finding something to criticize, I would have left it up.
I’ve been a sitepoint.com member for years (and years and years), and I’m also on css-tricks.com’s forum.
I also use websitepublisher’s forum as well.