Results 1 to 8 of 8
  1. #1

    any info on blocking the "Turkish Hacker"

    One of my clients has a shared hosting account with a major hosting company. Their site was recently hacked by the "Turkish Hacker."

    A quick web search indicates that this is a well known attacker, going back several years. (Of course, it could just be a copycat.)

    The hosting company provided no help in identifying how the site was hacked, or how to prevent it in the future, other than saying "change your passwords."

    Is there any information available on how this particular hacker penetrates a site? Are there precautions the hosting company should have taken and did not? Are their things the client can do, other than using secure passwords and changing them regularly?

  2. #2
    Join Date
    May 2006
    Location
    EU & USA
    Posts
    3,684
    This type of hacks are in almost all cases not hacks but defacements, and in 99.9% of the cases they use unpatched vulnerabilities of well known software packages or their modules.

    If a shared-host has setup their server well this only happens to the account where the vulnerability is located on.

    So i would start looking into the version of the software you are running and see if there are updates for them. Change of password will NOT help if you do not fix this issue first.

    I find it very strange that the hosting company is only advising to do this, unless they are sure your password has been breached.

  3. #3
    Thanks. Actually, there are no software packages installed by the client - just some default stuff (such as blogging and forum software) installed by the hosting company. I should probably delete all the packages, since the client is not using them. And yes, I was very disappointed by the hosting company's response.

  4. #4
    Join Date
    Oct 2008
    Posts
    2,249
    Quote Originally Posted by wygk View Post
    Thanks. Actually, there are no software packages installed by the client - just some default stuff (such as blogging and forum software) installed by the hosting company. I should probably delete all the packages, since the client is not using them. And yes, I was very disappointed by the hosting company's response.
    well the packages which are the forum and blogging stuff could be outdated. changing passwords is still a good idea and make sure ther things like [email protected] that cant be easily gueesed * doesnt have to be that hard just make alot of letters also
    Leader of the new anti sig spamming club.

  5. #5
    Join Date
    May 2006
    Location
    EU & USA
    Posts
    3,684
    Quote Originally Posted by wygk View Post
    there are no software packages installed by the client - just some default stuff (such as blogging and forum software) installed by the hosting company. I should probably delete all the packages, since the client is not using them.
    This could have been the cause, you should never have anything else on an account as the software you use, because if you don't use it you may forget about it; if you forget about it these things can happen.

    This group of people do not hack your clients website because they targeted him personally but because they found it was using outdated software and they want to spread their story.

    Hope you get it fixed up well.

  6. #6
    Hello,

    The best possible solution is to give your files 655 permissions and directories 755 permissions recursively. Use openssl tool to create password instead of insecure password.

    openssl rand 12 -base64 //using this command you can create a strong password for cPanel,FTP,WHM etc.

    Thank you

  7. #7
    Join Date
    Mar 2009
    Posts
    83
    I have seen quite a few "defaced" sites and most were outdated wordpress and joomla blogs. This kid may or may not be more than a script kiddie, but patching your installations is paramount.

    You can also setup htaccess rules or setup mod_security to restrict certain strings from being passed through the URI which will greatly diminish the capacity for hacking a script.

  8. #8
    Join Date
    Mar 2009
    Location
    Near You..
    Posts
    81
    Always keep the third party s/w on the website updated to the latest version. Also keep the password strength very high and reularly change them. It will be good to check the files and folders so as to avoid 777 permissions.

Similar Threads

  1. "JaMaYcKa" hacker strikes on my server
    By HostingFuze in forum Hosting Security and Technology
    Replies: 128
    Last Post: 05-05-2010, 07:49 AM
  2. Linux system compromised, hacker in as "root"
    By ridnowspy in forum Hosting Security and Technology
    Replies: 11
    Last Post: 03-17-2007, 01:43 AM
  3. Replies: 40
    Last Post: 08-12-2006, 01:38 PM
  4. Warning: Fraud User/"Hacker"
    By SwiftModders in forum Web Hosting
    Replies: 17
    Last Post: 01-12-2006, 10:57 PM
  5. weird characters when viewing "Man" and "info" pages
    By M0NkEY in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-26-2003, 11:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •