
04-16-2006, 02:43 PM
|
|
New Member
|
|
Join Date: Apr 2006
Posts: 2
|
|
My site keeps getting defaced, plz help
Hi guys, new to all this but a group of defacers regularly deface my website - MOHHA gaming site.
Basically just replace or place a new index file with their defacement, most defacement varies from time to time.
Looked on Zone-H.org, the description I got was to do with this:
Apache/1.3.34 (Unix) mod_auth_passthrough/1.8
mod_log_bytes/1.2
mod_bwlimited/1.4
FrontPage/5.0.2.2635
mod_ssl/2.8.25
OpenSSL/0.9.7a
PHP-CGI/0.1b
Are there any known exploits with these settings? Password is changed but no joy.
ports open are http, pop3 and ftp.
any help, advice or pointers welcomed
si
|

04-16-2006, 03:11 PM
|
|
Aspiring Evangelist
|
|
Join Date: Aug 2004
Location: France
Posts: 401
|
|
We would need more info about your site / server: are you on your own dedicated server or on a shared environment?
What kind of software do you run (forum, portal...)? Are they all up to date?
Did you look at your domlog? Chances are your defacers are using some kiddy scripts that should be pretty easy to block.
How is your server secured?
Did you ask your host for help?
Etc, etc...
Feel free to contact me by msn or Yahoo (see my profile) if you wish.
__________________
Marie - Co-Owner
Need Further Assistance ? Here you go !
English, french and spanish support
|

04-16-2006, 03:15 PM
|
|
Engineer
|
|
Join Date: Jan 2005
Location: Scotland, UK
Posts: 2,380
|
|
For a start you mentioned zone-h.
Full of script kiddies, I will pretty much guarantee you are running old software on your website, such as phpnuke / phpbb / vbulletin / phpcoin and so on, there's hundreds of them.
Have a look at your site and match any open-source software you have with the current version available on the vendor's site.
-Scott
__________________
Server Management - AdminGeekZ.com
Infrastructure Management, Web Application Performance, mySQL DBA. Keep your servers online.
United Kingdom: *0800 8620073* // United States: *585 563 1729* // Australia: *02 9037 2448* // International: *+44.1412800134*
Scott Mcintyre
|

04-16-2006, 03:15 PM
|
|
New Member
|
|
Join Date: Apr 2006
Posts: 2
|
|
Thanks for that:
madasbadgers.com - domain
It's on a shared environment, with a mkportal forum. All up to date. Security I believe is down to the host provider, but I don't think I am going to get anything from them.
|

04-16-2006, 03:27 PM
|
|
Engineer
|
|
Join Date: Jan 2005
Location: Scotland, UK
Posts: 2,380
|
|
Update your forums to SMF 1.0.7 and do not chmod your entire dir to 777 (which is what caused it to get overwritten).
I also suggest you keep an eye out for SMF updates/releases and update to them as soon as possible.
-Scott
|
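Added example, not part of the thread: one way to check a web root for the world-writable (777/666) permissions mentioned in the post above and to see which index files changed recently. The function names and the 7-day default are assumptions; pass your own document root as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for world-writable
# paths, the condition the post above blames for the overwritten index file.
# Function names and the 7-day window are assumptions.

# Print every regular file or directory under $1 that carries the
# "other write" bit (mode 777, 666, 757, ...).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Same as above, reduced to a count for scripting and monitoring.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Print index.* files under $1 modified within the last $2 days (default 7),
# since the defacement described here replaces or adds an index file.
recent_index_files() {
    find "$1" -type f -name 'index.*' -mtime "-${2:-7}" -print
}

# Remove only the "other write" bit, leaving owner/group bits and any
# execute bits untouched so CGI scripts keep working.
harden_webroot() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Stand-alone use: report only, change nothing.
if [ "$#" -ge 1 ]; then
    echo "World-writable paths under $1:"
    list_world_writable "$1"
    echo "Index files modified in the last 7 days:"
    recent_index_files "$1" 7
fi
```

Run it with the document root as the argument to get a report; call `harden_webroot` separately once you have reviewed the list.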

04-16-2006, 03:41 PM
|
|
Aspiring Evangelist
|
|
Join Date: Aug 2004
Location: France
Posts: 401
|
|
Quote:
|
Originally Posted by si-coxic
Thanks for that:
Security I believe is down to the host provider, but I don't think I am going to get anything from them.
|
Give them a chance? No webhost likes getting his server / customer hacked, they should be willing to work with you to improve the security.
Good luck!
|

04-16-2006, 07:06 PM
|
|
Newbie
|
|
Join Date: Feb 2005
Posts: 5
|
|
Quote:
|
Originally Posted by Yapluka
No webhost likes getting his server / customer hacked, they should be willing to work with you to improve the security.
|
How I wish that sentiment was true. The hard fact is, there ARE some service providers who could care less that their customers get hacked. They respond by 1) accusing the customer, and 2) terminating the service. No investigations, no Let's-See-If-We-Can-Help-You's, and of course, no refunds.
Madasbadgers, if powervps is not assisting you with security, it's past time to switch hosts.
FYI, your DNS is a little off; you have open DNS servers, and mismatched servers. Worst of all, your site is still "owned."
|

04-16-2006, 07:16 PM
|
|
Aspiring Evangelist
|
|
Join Date: Aug 2004
Location: France
Posts: 401
|
|
Quote:
|
Originally Posted by DomainGlue.com
How I wish that sentiment was true. The hard fact is, there ARE some service providers who could care less that their customers get hacked. They respond by 1) accusing the customer, and 2) terminating the service. No investigations, no Let's-See-If-We-Can-Help-You's, and of course, no refunds.
|
OK, let me re-phrase it:
No good and responsible webhost likes getting his server / customer hacked... 
|

04-16-2006, 07:22 PM
|
|
Newbie
|
|
Join Date: Feb 2005
Posts: 5
|
|
|