  1. #1

    Hacked websites... can you give input?

    Wondering if I can get some input from you...

    5 of my 6 websites were defaced (I think today). One was a static HTML site, 4 were Joomla and 1 is a WordPress site.

    Somehow, the index.php files on the MySQL sites were changed and the index.html on the static site was overwritten.

    I'm sure one site was defaced while I was working on figuring out how the others were defaced - meaning whoever was doing it was active while I was online.

    Checked the FTP logs, and I recognize all the IPs for the last couple of weeks - only 3 people have any FTP access so that's out.
    Been going through the HTML logs, and I don't see anything.

    The index.php files that got changed? The file dates didn't change, and going through the directories, there were no new files added...

    Got me scratching my head...

  2. #2
    Join Date
    Nov 2007
    Dallas, TX
    Is it a CentOS server, or another flavor of Linux?

    Could they have obtained SSH access, perhaps due to a weak password or via another method?

    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  3. #3
    SSH was never enabled, nor is SSL.

    All of my passwords are strong; MySQL passwords are random strings of caps and lower case letters and numbers. The main cPanel password is alphanumeric with caps.

    I just don't get it.

  4. #4
    This isn't my personal server btw, it's on a host. I've asked them to help out with it but haven't gotten much communication back.

  5. #5
    Join Date
    Jun 2002
    Waco, TX
    There are some very common exploits on many PHP web apps that can allow localized attacks on both Windows and Linux servers.

    You did good in checking FTP. Ever since the first major Adobe exploits ~2 years ago there have been a huge number of FTP accounts compromised on the client side. Even though it wasn't the access route, it seems, for you, it is a very good first place to check.

    Other places may include WebDAV logs if you have any WebDAV server, and FrontPage logs if you have FP authoring enabled (both Windows and Linux servers in these cases). These many times can use the same FTP credentials but are a harder-to-trace 'hack' due to the fact they are lesser used.

  6. #6
    Mostly, outdated versions of WordPress/Joomla could lead to account hacks, and if the server is not secured enough, the defacing could be for all sites. It doesn't matter that your passwords are strong if there is a backdoor.
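
Added example (not part of any post in this thread): the first post notes that the changed index.php files kept their old dates. On a Linux host the modification time (mtime) can be set back after an edit, but the inode change time (ctime) is updated by the kernel and is not reset by ordinary timestamp-setting calls, so this Python script lists web files whose ctime falls inside a look-back window and flags those whose mtime claims to be older. The function name, extension list and default window are assumptions made for the example.

```python
#!/usr/bin/env python3
"""List web files whose inode changed recently, flagging backdated mtimes."""
import argparse
import os
import time

WEB_EXTS = (".php", ".html", ".htm", ".js", ".htaccess")  # assumed set of interest


def changed_since(root, since, exts=WEB_EXTS):
    """Return (path, mtime, ctime, backdated) for files with ctime >= since.

    backdated is True when mtime claims the file predates `since` although
    the inode changed after it, which is what resetting a timestamp after
    editing a file leaves behind on Linux.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip
            if st.st_ctime >= since:
                hits.append((path, st.st_mtime, st.st_ctime, st.st_mtime < since))
    return sorted(hits, key=lambda h: h[2], reverse=True)  # newest change first


def main():
    ap = argparse.ArgumentParser(description=__doc__)
    ap.add_argument("webroot")
    ap.add_argument("--days", type=float, default=7.0, help="look-back window")
    args = ap.parse_args()
    since = time.time() - args.days * 86400
    for path, mtime, ctime, backdated in changed_since(args.webroot, since):
        flag = "BACKDATED" if backdated else "changed"
        print(f"{flag:9}  ctime={time.ctime(ctime)}  mtime={time.ctime(mtime)}  {path}")


if __name__ == "__main__":
    main()
```

ctime also moves on chmod, rename, and uploads or restores that preserve mtime, so treat each hit as a lead to compare against a known-good copy of the file.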
