Full Version: WARNING
lordan
Hacker can change or delete your database!

You have to password protect (it's not enough protecting) admin.php.
Many know where this catalog is on your server.
I have index protected my admin!

This is only advice!
ReDucTor
Are you talking about CAC? Ya, it's best to make a .htaccess for the whole directory to disallow all, then allow from your IP, and also set up password protection.
freeandeasy
QUOTE (ReDucTor @ Aug 14 2003, 08:05 PM)
Are you talking about CAC? Ya, it's best to make a .htaccess for the whole directory to disallow all, then allow from your IP, and also set up password protection.

I clicked on the website in the poster's sig, and it looks like a cac php.
Yes, that is a VERY insecure script.
:ph34r:
ReDucTor
What script isn't? I haven't checked the latest MEC to see if it's secure.
crystalballer
but it looks like you haven't secured urs
i have full access to the admin area... LOL

Gunilla Mathistad... i guess this is ur name, LOL
crystalballer
hey dude, that's not the way to fix it by renaming admin.php
i still have access to the rest like infoadmin.php
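The directory-wide setup ReDucTor describes, which also covers crystalballer's point that renaming admin.php leaves pages such as infoadmin.php reachable, shown as an added example that is not part of any poster's message. It uses Apache 2.4 syntax; the IP address, realm name, user name and password-file path are placeholders.

```apache
# .htaccess placed in the directory that holds ALL admin scripts
# (admin.php, infoadmin.php, ...), so every file in it is covered,
# not just one renamed page.
#
# Needs "AllowOverride AuthConfig" (or All) for this directory in the
# main server config, otherwise these directives are ignored or rejected.

AuthType Basic
AuthName "Admin area"
# Placeholder path: keep the password file OUTSIDE the web root.
# Create it once with:  htpasswd -c -B /home/example/private/.htpasswd adminuser
AuthUserFile /home/example/private/.htpasswd

# Both conditions must hold: request comes from your address AND
# the visitor supplies a valid user name and password.
<RequireAll>
    # 203.0.113.10 is a documentation placeholder; use your own static IP.
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Equivalent for Apache 2.2 and older (the syntax in use when this
# thread was written); needs AllowOverride Limit AuthConfig:
#
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
#   AuthType Basic
#   AuthName "Admin area"
#   AuthUserFile /home/example/private/.htpasswd
#   Require valid-user
#   Satisfy All
#
# Basic auth sends the password with every request, only base64-encoded,
# so serve the admin directory over HTTPS.
```

After uploading, request one of the admin pages from a different network and without credentials; the server should answer 403 or 401 instead of running the script.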
webfinearts
Please, I would like it if someone could explain how a user is able to access my admin.

I have designed my script myself, the admin details are database recorded, and for every page from my admin section there is a running task that is checking the identity of the visitor (if he has admin rights or not).
Simply what is the way of accessing.
lordan
I tried to protect my site,
but someone had to show his capability and hacked my site.
I think that he has taken a place as a goldmember, too.
I have his IP and I am going to search for him, if it is he!
I would like some help from you all.

I would be happy if all GPT owners could look for a name in your goldmembers register and take a look at this name's account.
PM me if you want to help me and you will get the name.

Please, I was stupid to write to the forum that we have to protect our sites.
If I hadn't written, maybe they wouldn't have hacked me.

Hope you can read my bad English.
leperd60
hmmm... that really sucks. I feel sorry for you, if I knew how to do it I would have posted earlier.
crystalballer
u don't have to send me pms declaring your "victory" ...
sofmag
It's easy for anyone running an admin script from another site, if they know the URL of the config file, like www.domain.com/config.php, and your MySQL supports queries from other machines. Anyone with the same script as you can, after a MySQL crash, see the path of the config in the error page and set up a system with your config. Try to check whether your MySQL access allows queries from other sites ....
Zombie Master
QUOTE (crystalballer @ Aug 15 2003, 07:38 PM)
but it looks like you haven't secured urs
i have full access to the admin area... LOL

Gunilla Mathistad... i guess this is ur name, LOL

*shakes his head at crystalballer*

lordan: If you have this person's IP, turn it over to Tipsy or BaroqueXena. They should be able to help you in tracking down this person.
lordan
QUOTE (crystalballer @ Aug 16 2003, 05:12 AM)
u don't have to send me pms declaring your "victory" ...

I have never sent any PM to you and I will never in my life talk with a boy like you.
You have to grow up!
Don't even try to send a PM to me! I will not answer it!
I will not have contact with anybody who is so nonchalant and all what you are!
I can't understand that you get answers on all the topics and replies that you send.
Zombie Master
QUOTE (lordan @ Aug 17 2003, 08:27 PM)
QUOTE (crystalballer @ Aug 16 2003, 05:12 AM)
u don't have to send me pms declaring your "victory" ...

I have never sent any PM to you and I will never in my life talk with a boy like you.
You have to grow up!
Don't even try to send a PM to me! I will not answer it!
I will not have contact with anybody who is so nonchalant and all what you are!
I can't understand that you get answers on all the topics and replies that you send.

lordan, don't let crystalballer get to you, they are just passing through.