Web Hosting Talk

View Full Version : My Site Was Hacked!


carrotweb
08-07-2002, 05:37 PM
No harm done since I had no content there anyway, but I'm wondering how it was done? I specifically switched to unix/linux hosts because the same thing happened to me when I was on a windows box.

Anyone know? Rather scary....


http://www.sfacademy.net

TowerHost
08-07-2002, 05:44 PM
Could be due to a misconfigured script. Possibly a trojan on your system and they've got a hold of your login and password.

Could be many things... always change your passwords frequently and make sure you test your scripts for security.

Skie
08-07-2002, 05:46 PM
who knows.... talk to your host about it, and check the logs just in case they were sloppy.

FNM
08-07-2002, 06:06 PM
Were you hacked both times by the same people?

If so the problem is probably your system, get an anti virus, norton is probably best. Scan yourself.
Also get a firewall, like sygate or zonealarm, one that prompts you what programs you are going to allow to access the internet, this way you can pick up anything suspicious that might be a keylogger or a trojan.

Don't use the same passwords for all your different accounts, and choose good ones, a word with a few random numbers before or after it is good, that way it won't be open to a dictionary attack.

On the other hand it might be a specific script on your site. People are often left vulnerable to bugs in open source scripts like forums, news scripts, stuff like that.

May have just been your host was compromised. In either case ask them to check the logs, even if it wasn't them they could tell you if it was a vulnerable script on your site or not via the logs.

<edit>Ok I realise now you didn't have any content on your site, so it probably wasn't that ;)</edit>

carrotweb
08-07-2002, 06:11 PM
Nah. The previous time I was hacked I was running IIS 5 on my home PC. That was the well-publicized 'You've been hacked by Chinese' stuff that was going around.

This linux/unix hosting account was empty and completely undeveloped, so the hackers must have gotten in due to a vulnerability somewhere on the server. I've emailed my host already. Hopefully, he'll find something.

DotComster
08-07-2002, 06:12 PM
I agree with FNM, and use most of what he mentions.

It's hacked again.

Look at all the scripts you use on your site - check for updates and remove anything you don't use, especially old ones.

Also - is your host updating their software? Is their support any help with this problem?

Bring the site down for a while, until you have it protected.

citrus
08-07-2002, 06:20 PM
Originally posted by carrotweb
Nah. The previous time I was hacked I was running IIS 5 on my home PC. That was the well-publicized 'You've been hacked by Chinese' stuff that was going around.

This linux/unix hosting account was empty and completely undeveloped, so the hackers must have gotten in due to a vulnerability somewhere on the server. I've emailed my host already. Hopefully, he'll find something.

Was your hacked site located on your own server or was it on a shared server?

Because if it was on a shared server you can't really do anything about it, except find a new host...:(

FNM
08-07-2002, 06:22 PM
lol, when I set up IIS 5.0 on my home box, I was infected with Code Red (hacked by Chinese) and the sandmine worm within an hour, not bad going.

Just wait and see what your host has to say then.
A search at http://defaced.alldas.org/ shows only one defacement by this "XS-team", so I'd tend to think your password was compromised and not your host, because if it was your host a ton of other sites would've ended up in the same boat.

oZz
08-07-2002, 06:23 PM
Originally posted by DotComster
I agree with FNM, and use most of what he mentions.

It's hacked again.

Look at all the scripts you use on your site - check for updates and remove anything you don't use, especially old ones.

Also - is your host updating their software? Is their support any help with this problem?

Bring the site down for a while, until you have it protected.

Just get a new host. Obviously they don't care much about patching their systems and they don't worry about their users either. I'm glad we do.

Andrew
08-07-2002, 06:27 PM
Originally posted by oZz


Just get a new host. Obviously they don't care much about patching their systems and they don't worry about their users either. I'm glad we do.

I fail to see how that's at all obvious. But thanks for the ad anyways...

akashik
08-07-2002, 07:05 PM
Originally posted by carrotweb
Nah. The previous time I was hacked I was running IIS 5 on my home PC.

Resist listening to the peanut gallery. I think the first place to look would be related to the quote above. Run a full virus/trojan scan of your system. It may be that you have a keylogger squirreled away somewhere quietly sending someone your passwords and login information.

You don't mention if you're running a firewall on your computer. If not, then you should be.

I'm leaning in that direction as you say you've had trouble before, and you say there's nothing in the account itself as yet.

Another possibility *may* be the server. Have they updated Apache, and PHP lately?

Greg Moore

FNM
08-07-2002, 07:15 PM
Resist listening to the peanut gallery.

You just repeated everything that's been said before.

akashik
08-07-2002, 07:24 PM
Actually most of this thread is telling him he must have unsecured scripts, or his host is at fault so he should move. Several mentioned it may be a trojan or a virus on his own computer (including yourself), so my post was to lean the thread in that direction.

But thanks for the comment Brian. I'll remember to run my posts by you first in the future, in case they don't meet with your approval.

Greg Moore

Andrew
08-07-2002, 07:26 PM
Originally posted by akashik
Actually most of this thread is telling him he must have unsecured scripts, or his host is at fault so he should move. Several mentioned it may be a trojan or a virus on his own computer (including yourself), so my post was to lean the thread in that direction.

But thanks for the comment Brian. I'll remember to run my posts by you first in the future, in case they don't meet with your approval.

Greg Moore

Thank you Greg for submitting to such necessary approval. That way you won't end up with such a large dose of arrogance in posts that repeat what someone else has already said.

Jag
08-07-2002, 07:59 PM
Originally posted by oZz


Just get a new host. Obviously they don't care much about patching their systems and they don't worry about their users either. I'm glad we do.

This is a horrible assumption. How do you know it had anything to do with the host? There could be a thousand things that led to his site being defamed. It's not the host's fault unless the actual system was hacked or attacked. But just because it wasn't their fault doesn't mean they shouldn't still help you discover what happened using logs and any means available.

HeReDaGo
08-07-2002, 08:06 PM
stop that bitching guys!

MCHost-Marc
08-07-2002, 08:11 PM
Are you using FrontPage? They could easily have got ahold of your password through FP.

Smokie
08-07-2002, 08:24 PM
I see a lot of hosts turn their PHP safe mode off. It makes things easy to do on the server but it will allow people to see passwords and other things in their Linux box.

iamdave
08-07-2002, 09:12 PM
:eek: