Results 1 to 7 of 7
-
09-08-2006, 03:45 AM #1Web Hosting Guru
- Join Date
- Feb 2004
- Posts
- 305
My site got several index defacement hacks
My site got several index defacement hacks this week from the same hacker.
- I've only one php script which was made and customized for me by a programmer months ago
- My site is running on
Apache version 1.3.37 (Unix)
MySQL version 4.1.21-standard
PHP version 4.4.4
PERL version 5.8.7
Operating system Linux
Kernel version 2.6.17.6
cPanel version 10.9.0-CURRENT-4
- The hacker did not get a full access to the site because I looked at the ftp access log file and the whole opreration there were done thru my IP addres
What the hacker is always doing: remove the index.php + upload a new index.html page
What is the problem? a bug on the script in my site or on the server itself?
Thanks
-
09-08-2006, 04:02 AM #2learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Whomever operates the Server needs to beef up their Security.
This probably has nothing to do with your hosting account. The hacker was able to upload & run their files because of lax Security on the Server itself.• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
-
09-08-2006, 04:48 AM #3Aspiring Evangelist
- Join Date
- Dec 2005
- Posts
- 402
Originally Posted by Website Rob
-
09-08-2006, 06:53 AM #4Predatory Poster
- Join Date
- Jul 2003
- Location
- Goleta, CA
- Posts
- 5,566
sounds like the common php injection + perl exploit that's been going around.
Patron: I'd like my free lunch please.
Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
Cafe Owner: Is our lawyer still working pro bono?
-
09-08-2006, 09:51 AM #5Web Hosting Guru
- Join Date
- Feb 2004
- Posts
- 305
guys, the hacker did not get a full access to the site. I moved the site to another host, I changed the access info, and he still able to deface the index page
-
09-08-2006, 10:07 AM #6learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Originally Posted by moh2004
If you 'transferred' your account then odds are you also transferred the infected files.
If you did an upload of backup files from your own computer, to a new hoster, and still were using the hacker files, then something much deeper is going on.• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
-
09-09-2006, 09:15 PM #7Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
As website Rob says, the problem is in the software you're running - ie in that single PHP page your programmer wrote for you. I'd be fairly sure that the PHP script has a major security flaw and you should get your programmer to fix it.
To find out how it's getting in you should check out the web logs for the domain in question and see what URLs are being accessed. That should make it fairly straight forward to fix. It's probably just an SQL injection or something similar.