Registered users able to post to configuration.php file!

Hi,

Our website got hacked earlier this week, and I've just been going through the log files. In the logs I've seen that 'people' have registered, then made a POST request to my configuration.php file; and can only assume they were able to edit the file.

My configuration:

I'm unable to move the configuration.php from the webspace due to hosting restrictions.
Last week I updated all file permissions to 644, and folder permissions to 755.
I did have CB 1.8 installed up until about 5min ago, and have just upgraded to 1.9.

The CB users appear to have be added as 'Registered' users, so am surprised they can post to the webspace.

Is this a CB issue, or something wider that I need to reslove?

TIA

Any ideas?!

Thanks

ippon_solutions wrote: Any ideas?!

Thanks

Doesn't sound like anything related to CB.

If your site was hacked you need to understand how.

There are paid services (third party) that can help you.

Not sure what more we can offer here.