CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

hacked site - caches

almostcompletelyalmostcompletely
edited May 2016 in Bug Reports
I've got a Fuel site (v1.3.1, will shortly be 1.3.2) that's keeps getting hacked. It seems the caches are being attacked and the URL links on the pages are rewritten to point to Chinese online shops.

Any suggestions or best practice advice for managing Fuel's caches?

TIA

Comments

  • adminadmin
    edited 4:56PM
    I'd recommend a few things:

    1. Try hard coding the $config['base_url'] in fuel/application/config/config.php
    2. Use a host redirect to help make sure that all pages use the same domain:
    http://docs.getfuelcms.com/general/redirects
    3. Setup your environments.php config file to include all domains and IP addresses that are considered the production environment.
    http://docs.getfuelcms.com/general/environments
    $environments = array( 'development' => array('localhost*', '192.*', '*.dev'), 'production' => array('mydomain.com', 'www.mydomain.com', '555.555.555.555'), );
Sign In or Register to comment.