UK WEB HOSTING FORUM FOR DISCUSSION ON WEB HOSTING SERVICE AND SUPPORT
LINUX HOSTING WINDOWS HOSTING PACKAGES SHOPPING CART OSCOMMERCE ZEN CART AGORA
ECOMMERCE HOSTING ASP MSSQL FRONTPAGE HOSTING PHP MYSQL HOSTING DISCUSSION FORUM
CPANEL RESELLER HOSTING DEDICATED SERVER VPS HOSTING PLESK VIRTUOZZO
Quick Search
Your forum announcement here!

  UK Web Hosting | Dedicated Server Windows and Linux VPS Forum > Sales > Suggestions
Site hacked

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 17-06-2006, 22:12
Atomic-Pigeon's Avatar
Junior Member
  
Join Date: Nov 2005
Posts: 27
Default Site hacked
A warning for everyone - my website (at 147.202.42.190) got hacked a couple of hours ago, and a number of .php files had the following appended:
Code:
which links to a whole bunch of nasty java and malformed WMFs.

Better check to see if you've been affected. (EUK, this means you too. )
Reply With Quote
  #2 (permalink)  
Old 21-06-2006, 22:49
eUKhost.com's Avatar
Chief Marketing Officer
  
Join Date: Sep 2005
Posts: 4,253
Send a message via AIM to eUKhost.com Send a message via MSN to eUKhost.com
Default
This wont happen to us as we dont keep important files and folders with 777 permission. I had sorted this problem for one of our customer and it was lil bit difficult for me to find out which php file was injected by the Kiddie's.

Finally I looked for the files which were included in the index page and one of the config files that was under includes was set 777 permission which allowed the Kid to inject his code at the bottom of the config file.
__________________
UK Web Hosting || Business Hosting || eUKhost Knowledgebase
Toll Free : 0808 262 0255 || MSN : mark @ eukhost.com || AIM : eukmark
A bunch of Sheep led by a Lion is better than a bunch of Lions led by a Sheep.
__________________________________________________

Great Opportunity :: Join our Affiliate Program for FREE and earn 20% commission on each referral.
Reply With Quote
  #3 (permalink)  
Old 22-06-2006, 16:08
Atomic-Pigeon's Avatar
Junior Member
  
Join Date: Nov 2005
Posts: 27
Default
Unfortunately some files do have to be set to 666/777 for scripts to save configuration data, such as a lot of forums, so it's not possible to lock down everything worse luck.

If you've got the date/time of the attack, you should be able to find the affected files by checking their date stamp.
Reply With Quote
Reply

« Email Alerts | Affiliate / coupon comment »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 03:49.

 

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by Web Hosting 3.1.0
Copyright © 2001-2008, eUKhost.com. All rights reserved.

Dedicated Server Hosting | VPS Hosting | Web Hosting UK | cPanel Hosting | Contact Us | UK Web Hosting | Archive
 
Site Map

knowledgebase articles

popular blog categories