
Thread: Account hacked!

  1. #1

    Account hacked!

    Hi all!

    I have a problem, and I would like to ask you experienced guys how to deal with it.
    One hosting account on my server got hacked because it was using a weak password, and somebody installed a PHP script there to fake an eBay webpage to steal eBay IDs.
    I have the IP address of whoever got into this account (it is a US one from AOL), and I also have the email address (it's a Gmail one) where the IDs are sent to.
    What can or should I do with this?

    Thanks for your help guys!

  2. #2
    First, I'd send a message to eBay and let them know you've tracked this, give them the information, and then remove the offending script from your server.

    But that's just a thought. :p

  3. #3
    Join Date: Aug 2004
    more than likely an outdated/vulnerable forum, cms, or similar was used by a malicious user to upload the php script. have your client upgrade any and all active scripts on their account and remove any that are no longer in use. letting scripts sit on your server for ages without updating them will only invite this behavior in the future.

    if you offer fantastico or any other auto-install scripts make sure to educate your clients on the pitfalls of using these. I recommend clients to download the source from the creators directly and join their online community so they are kept aware of updates, patches, security info, and so on.

    there are so many 0-day exploits and similar anymore it's getting harder and harder for these auto-install providers to keep up with new versions. by the time they release something and your server is updated with new source you could have a handful or more of exploited accounts, listed on various RBLs and/or a compromised server that needs to be reinstalled completely.

    open-source is great since it's free of cost, however it's never free of responsibility. good luck!

  4. #4
    Join Date: Oct 2002, Hong Kong
    Track the problem, inform any upstream provider or the party that was attacked / victimized. Keep a backup copy, preserving ownership and rights. Remove the site from air (take it offline) and let the client (or not) reinstall software.
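
An added example, not part of any post in this thread: one way to carry out the "keep a backup copy, preserving ownership and rights" and "take it offline" steps from post #4 on a Linux host with GNU tools. The function names and paths are hypothetical, and using `chmod 000` on the document root to take the site offline is an assumption about the hosting setup.

```bash
# Added example: function names and all paths are hypothetical.
# Assumes a Linux host with GNU find, tar and sha256sum.

preserve_account() {   # usage: preserve_account <account_dir> <evidence_dir>
    local src="$1" dest="$2" name archive
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1
    name="$(basename "$src")"
    archive="$dest/$name-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"

    # Per-file owner, group, octal mode and mtime, recorded before cleanup.
    # The mtimes help date the upload of the phishing script.
    ( cd "$src" && find . -printf '%u:%g %m %TY-%Tm-%Td %TH:%TM %p\n' ) \
        > "$archive.manifest" || return 1

    # tar stores mode and owner for each entry; --numeric-owner keeps raw
    # uid/gid so they survive on an analysis host that lacks the same users.
    # Restore as root with: tar --numeric-owner -xpzf <archive>
    tar -C "$(dirname "$src")" --numeric-owner -czf "$archive" "$name" || return 1

    # Hash the archive so later copies can be shown to be unmodified.
    ( cd "$dest" && sha256sum "$(basename "$archive")" \
        > "$(basename "$archive").sha256" ) || return 1
    chmod 400 "$archive" "$archive.manifest" "$archive.sha256" || return 1
    printf '%s\n' "$archive"
}

verify_archive() {     # usage: verify_archive <archive>
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null )
}

take_offline() {       # usage: take_offline <document_root>
    # With no permission bits the web server can no longer read the site
    # and typically answers 403, while the files stay in place for comparison.
    chmod 000 "$1"
}
```

Run `preserve_account` before removing the script or changing any file, and store the evidence directory outside the compromised account so the account's own credentials cannot alter it.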
