Close holes in website security.


I want to close some security holes I have on a website.

The site is run a unix dedicated server.

The site uses Password Sentry software [url removed, login to view]://[url removed, login to view] to log and suspend users.

The site uses security image+user+pass and no request is send to .htpasswd file if image is not correct so not possible to bruteforce using software from what i was told by the owner of the software.

The site uses CCBill password adding/deleting/updating services.

I want to find out why I keep getting russian people inside my members area who knows my customers login.

I have some PHP files that updates counters and a updates page in the free area.

I have a forum Vbulletin version 3.6 (was moved to another server to see if that was the source of maybe some php injection but it continued so it is not the forum)

Password sentry software has gone thru their setup and scripts and can not find anything in their scripts that would allow anoyone to find logins.

ftp login has been changed 4 times but dont help.

phpmyadmin folder has been renamed to yhoign5th3q98oieo53qhie

So we can exclude these 2 options.

Your job:

You need to find the holes and close them!

Dont bid if you have no security PHP/unix experience.

There is 1 or more holes for sure and i need them closed for good.

Evner: Linux, PHP, Web Sikkerhed

Se mere: www monster com, www monster, www free website com, what is, what is monster, website out source, security job, people that help you find a job, out source website, my monster, monster job com, monster in, monster com job, log in website, login page in website, job security, job monster .com, job monster, job find website, job bid website, has been changed, getting members, free website submit, free website setup, free website login

Om arbejdsgiveren:
( 4 bedømmelser ) Tokod, Denmark

Projekt ID: #96025