Hacked! turkprotest.com

[eUKhost.com]

Quote:

Originally Posted by DPS Computing

Surly we can just "close" this mass exploit then.

Can they only write files called "index" then or just create any file with any name they want and that is it?

They managed to exploit windows bugs which have been fixed by Jack right now. Microsoft has recently released few updates which were not applied on the servers. We have updated those and now everything looks perfect on the servers.

now its my job to take further steps.

[eUKhost.com]

Quote:

Originally Posted by carsey

Have the right CHMOD settings and they shouldnt be able to right to your homepage. But this cannot be helped where write settings are needed.

there's nothing as such in windows. If you are using a windows OS then you will see that when you right click on a directory then under properties section you see various permission options. like read,write, execute for Administrator, user, guest and so on.

Permissions had nothing to do over here as they managed to exploit OS bug.

[carsey]

ahhh. thanks.

[newYounes]

Quote:

Originally Posted by carsey

ahhh. thanks.

I told you EUK HOST is the best!

[WelshTom]

Permenant soluiton: Don't use doze, use linux

[DPS Computing]

Quote:

Originally Posted by eukhost.com

They managed to exploit windows bugs which have been fixed by Jack right now. Microsoft has recently released few updates which were not applied on the servers. We have updated those and now everything looks perfect on the servers.

now its my job to take further steps.

Thats good to hear - especially for all the Windows customers out there.

I wouldn't like to be in the attackers shoes when you take "further steps". You'll probably never let go of them!! .

Quote:

Originally Posted by Thomas

Permenant soluiton: Don't use doze, use linux

Well of course that would be easiest . Some people need Windows though for various products (don't we all know that feeling lol).

[deadman2k]

A possible work around for this issue, although this will not stop hackers uploading/creating/overwriting files, such as the default pages that are support by most modern ISP/HOSTS:

index (html/htm/php/asp/cfm etc..)

default (html/htm/php/asp/cfm etc..)

home (html/htm/php/asp/cfm etc..)

Work around solution to keep website hostings live even after an attack

Request your Hosts make changes to the Directory Index, this is a list of files/pages to be loaded
by default, the first file in the list usually takes precedent i.e. (index.php index.html) index.php will be load first.

Two solutions available:

1: Request your ISP's/HOSTS to remove the default/standard pages from the Directory Index List and replace them with one unique one of your choice, please keep in mind that your will need to include all your desired extensions
example:

mypage.html

mypage.htm

mypage.asp

mypage.aspe

mypage.cfm

mypage.php

Also remember that the first one listed is usually takes priority to be loaded.

2: Similar to the above solution but this time you request that the Hosts adds the unique pages as in the example, and to make them first priority over the Defaults

Additional Info

Apache Web Servers
If your site/domain are hosted on an Apache Web server this is achievable using .htaccess more info visit: http://www.htaccess-guide.com/index.php?a=10

example:

DirectoryIndex hieronymous.html

If your hosts allow the use of .htaccess files, otherwise check/request with your Hosts.

Other Web Servers
Contact your Hosts as they may be able to process your request.

This does not stop hackers uploading/creating files.

[DPS Computing]

Thats good as a temporary solution but I am sure that we will want a more permanent one that stops the hacker compromising the security of the account - this is the paramount priority I imagine!

[deadman2k]

Quote:

Originally Posted by DPS Computing

Thats good as a temporary solution but I am sure that we will want a more permanent one that stops the hacker compromising the security of the account - this is the paramount priority I imagine!

I totally agree, my post was solely posted to help keep people's website hostings up and functioning, there is nothing more annoying than someone overwritting pages whom shouldn't be able too.

[DPS Computing]

Quote:

Originally Posted by deadman2k

I totally agree, my post was solely posted to help keep people's website hostings up and functioning, there is nothing more annoying than someone overwritting pages.

I'm sure it will be appreciated! And I totally agree - I hate my website hosting going down - even more so when its hackers / people mucking about with your site!

[gordo]

Yep had the same dam so and sos hit one of my doamins, luckily it was only the index file and that took me 30 seconds to put right

[newYounes]

Quote:

Originally Posted by gordo

Yep had the same dam so and sos hit one of my doamins, luckily it was only the index file and that took me 30 seconds to put right

Only 30 seconds! U got lucky man!

[DPS Computing]

Quote:

Originally Posted by thug4life

Only 30 seconds! U got lucky man!

Well if you have a local backup you can always restore it - this is why I edit things locally then upload them - it saves remembering to do a specific backup!

[deadman2k]

Quote:

Originally Posted by Thomas

Permenant soluiton: Don't use doze, use linux

Sorry to say but Linux is not a Permanent solution, although a lot of people favour Linux and UNIX. (I am one of them)

Most problems are caused by the power of the server-side scripts (php/asp/cfm etc...)
as these scripts have the power to write and create files regardless of folder/file permissions, regardless of the Server OS, in extreme cases when a Server has no Security at all these scripts are able to read/write and execute files any within the Server OS

[DPS Computing]

Quote:

Originally Posted by deadman2k

Sorry to say but Linux is not a Permanent solution, although a lot of people favour Linux and UNIX. (I am one of them)

Most problems are caused by the power of the server-side scripts (php/asp/cfm etc...)
as these scripts have the power to write and create files regardless of folder/file permissions, regardless of the Server OS, in extreme cases when a Server has no Security at all these scripts are able to read/write and execute files any within the Server OS

Yes but it just goes to show you shouldn't create something you cant control!!

[deadman2k]

if you are not hosting the server yourself at your own office/home then it is not within your control, your require others to manage it for your or its a shared hosting company which again is out your control