Results 1 to 7 of 7
  1. #1
    Join Date
    Feb 2004
    Posts
    305

    My site got several index defacement hacks

    My site got several index defacement hacks this week from the same hacker.

    - I've only one php script which was made and customized for me by a programmer months ago

    - My site is running on
    Apache version 1.3.37 (Unix)
    MySQL version 4.1.21-standard
    PHP version 4.4.4
    PERL version 5.8.7
    Operating system Linux
    Kernel version 2.6.17.6
    cPanel version 10.9.0-CURRENT-4

    - The hacker did not get a full access to the site because I looked at the ftp access log file and the whole opreration there were done thru my IP addres

    What the hacker is always doing: remove the index.php + upload a new index.html page

    What is the problem? a bug on the script in my site or on the server itself?

    Thanks

  2. #2
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Whomever operates the Server needs to beef up their Security.

    This probably has nothing to do with your hosting account. The hacker was able to upload & run their files because of lax Security on the Server itself.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  3. #3
    Join Date
    Dec 2005
    Posts
    402
    Quote Originally Posted by Website Rob
    Whomever operates the Server needs to beef up their Security.

    This probably has nothing to do with your hosting account. The hacker was able to upload & run their files because of lax Security on the Server itself.
    I agree, I would change your root password, your ftp password, and all MySQL DB passwords as well. This will keep future attacks from being a success. Most importantly, tell this to your host and see what they have to say. Also, make sure and back up your data!

  4. #4
    Join Date
    Jul 2003
    Location
    Goleta, CA
    Posts
    5,566
    sounds like the common php injection + perl exploit that's been going around.
    Patron: I'd like my free lunch please.
    Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
    Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
    Cafe Owner: Is our lawyer still working pro bono?

  5. #5
    Join Date
    Feb 2004
    Posts
    305
    guys, the hacker did not get a full access to the site. I moved the site to another host, I changed the access info, and he still able to deface the index page

  6. #6
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Quote Originally Posted by moh2004
    I moved the site to another host
    There are times when one must say 'exactly' what they mean.

    If you 'transferred' your account then odds are you also transferred the infected files.

    If you did an upload of backup files from your own computer, to a new hoster, and still were using the hacker files, then something much deeper is going on.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  7. #7
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    As website Rob says, the problem is in the software you're running - ie in that single PHP page your programmer wrote for you. I'd be fairly sure that the PHP script has a major security flaw and you should get your programmer to fix it.

    To find out how it's getting in you should check out the web logs for the domain in question and see what URLs are being accessed. That should make it fairly straight forward to fix. It's probably just an SQL injection or something similar.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •