WEB Just been hacked!

Discussion in 'OT Technology' started by spahndirge, Jul 27, 2008.

  1. spahndirge

    spahndirge Scumbag Member

    Joined:
    Jul 15, 2005
    Messages:
    421
    Likes Received:
    0
    Just checked out my website and noticed that it has been hacked by someone called "ghost61".I just have a portfolio website so there's nothing much on it, all the data is still there, jut the index.html file has been changed.

    What I'm wondering is how could this have happened? The site is flash based and there's little or no user input on the site (just a flash/php email form). I have a sub domain that allows users to create an account on my site, but that has been untouched.

    Another question, how can I avoid this happening again? I'm hosted with IXWebhosting and their tech support is shite.
     
  2. Karnejj

    Karnejj “A true conservative is one who can't see any diff OT Supporter

    Joined:
    Jan 9, 2008
    Messages:
    35,585
    Likes Received:
    0
    Location:
    UPGRADED USA Shutdown Today:8 derps
    Could have hacked your host... cracked your FTP password ...or maybe exploited a SQL database with file manipulation permissions.
     
  3. spahndirge

    spahndirge Scumbag Member

    Joined:
    Jul 15, 2005
    Messages:
    421
    Likes Received:
    0
    Been researching into it and he's done it quite a lot. I see 2 new directories created on each hosting account. It just seems like random spam.

    I have gallery2 installed on my server and that has a CHMOD 777 permission set, maybe this is to blame? I also have it set to a wordpress upload directory :(

    I'm gonna get rid of it since I never use it anyway and the domain name is about to expire. I'm gonna change my password for FTP, is there any way I can stop this from happening again? Any configuration changes I can make? Tutorials?
     
  4. Limp_Brisket

    Limp_Brisket New Member

    Joined:
    Jan 2, 2006
    Messages:
    48,422
    Likes Received:
    0
    Location:
    Utah
    777 is never good
     
  5. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    No maybe about it ... :eek3:
     
  6. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,578
    Likes Received:
    3
    g2 is bad news. :hsd: Especially the older releases if it's unpatched.
     
  7. enfiniti

    enfiniti How firm thy friendship ... OHIO!

    Joined:
    Sep 12, 2006
    Messages:
    4,813
    Likes Received:
    0
    Location:
    Columbus
    hey i have ixwebhosting and their support is the most amazing I have seen in the cheaper servers industry.

    I have sent them code I wrote and they helped me debug it.
     
  8. spahndirge

    spahndirge Scumbag Member

    Joined:
    Jul 15, 2005
    Messages:
    421
    Likes Received:
    0
    Looks like that could have been the problem. Although, one thing that puzzles me is that I have 2 domains on the same shared server, and the two of them had a .htaccess file in the created directory.

    one domain was used for gallery2 and the other had jut my portfolio. This makes me wonder was it gallery2 (allowing the hacker to get to my other domain), or is there a vulnerability in some script I have somewhere?
     

Share This Page